On Jun 15, 2008, at 8:02 PM, Joe Greco wrote:
I think a real solution would be more sophisticated than this, but it's a starting point.
In addition to the BCPs already mentioned by Sean and Nathan, a good detection/classification/traceback system plus S/RTBH can be helpful, and there are commercial DDoS mitigation services/scrubbers available from various SPs/vendors which have DNS-specific functionality, as well. Blocking TCP/53 is definitely not an optimal solution, as many have already pointed out. ----------------------------------------------------------------------- Roland Dobbins <rdobbins@cisco.com> // +66.83.266.6344 mobile History is a great teacher, but it also lies with impunity. -- John Robb