We use Cisco Detector+Guard to protect our network infrastructure from network-level attacks. It's quite expansive, of cource, but you may ask your upstream provider whether it has such a service called "DDoS Protection" or something.
2009/11/21 Bryan Irvine <sparcta...@gmail.com> > Basically, you have to have a big enough server/cluster of servers, to > absorb an attack. > > No real defense from distributed dos. > > > > 2009/11/16 MontyRee <chulm...@hotmail.com>: > > > > Hello, all. > > > > > > I have operated some dns servers and I'm curious what should I do if > > ddos attck to my dns servers. > > > > So do you know how to defense against dns dddos attack like root server? > > > > Surely, various ddos attack may be occurred. > > > > My idea is.. > > > > > > -. filtering 53/udp traffic that the byte is over 512 byte > > -. rate-limit against 53/udp queries > > (but useless if the attack spoof the source ip) > > -. deny recursion > > -. anycast? > > > > > > Is ther any comments or proposal? > > > > > > Thanks in advance. > > > > > > > > > > _________________________________________________________________ > > 새로운 Windows 7: 일상 작업을 단순화하세요. 여러분에게 맞는 최상의 PC를 찾으세요. > > http://windows.microsoft.com/shop > > _______________________________________________ > > bind-users mailing list > > bind-users@lists.isc.org > > https://lists.isc.org/mailman/listinfo/bind-users > _______________________________________________ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users >
_______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
