Discuss mailing list

[Jeff Taylor <shdwdrgn AT sourpuss.net>]

There isn't really a resolution for the problem.  The packets are
spoofed, we can't just block all the requested IP addresses.  However by
blocking the specific type of packet, when we know it shouldn't be
coming through, we can at least prevent our own servers from responding
to the queries and contributing to the problem of amplification
attacks.  What more do you think we can do from our side?


On 04/03/2013 08:25 AM, Aaron J. Angel wrote:
>
>> I'm starting to wonder if we should make it a policy to drop all ANY
>> requests?  It seems that is the key factor behind all of these attacks,
>> and other than the servers talking between themselves, I don't know of
>> any use a client would have for such a query.
>
> This doesn't resolve the problem, it just covers it up a portion of
> it. http://www.corecom.com/external/livesecurity/dnsamplification.htm
>