[dns-operations] about DNS attack

Roland Dobbins rdobbins at arbor.net
Mon Jun 2 22:52:13 UTC 2014

On Jun 3, 2014, at 3:45 AM, Damian Menscher <damian at google.com> wrote:

>  My preferred approach is to identify and remediate networks that permit source-address spoofing in violation of BCP38, as there are far fewer choke-points, and incremental progress makes the attacker's job progressively more difficult (as they have to find connectivity among a dwindling set of irresponsible providers).

This approach also also has the advantage of making it more difficult for attackers to launch other types of reflection/amplification attacks, so it's a far bigger improvement.

Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

                   Equo ne credite, Teucri.

    		   	  -- Laocoön

More information about the dns-operations mailing list