[dns-operations] about DNS attack
Roland Dobbins
rdobbins at arbor.net
Mon Jun 2 22:52:13 UTC 2014
On Jun 3, 2014, at 3:45 AM, Damian Menscher <damian at google.com> wrote:
> My preferred approach is to identify and remediate networks that permit source-address spoofing in violation of BCP38, as there are far fewer choke-points, and incremental progress makes the attacker's job progressively more difficult (as they have to find connectivity among a dwindling set of irresponsible providers).
This approach also also has the advantage of making it more difficult for attackers to launch other types of reflection/amplification attacks, so it's a far bigger improvement.
----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Equo ne credite, Teucri.
-- Laocoön
More information about the dns-operations
mailing list