Why not just require TCP for a lookup if a response with an incorrect
TXID is received? You could require TCP for just the one lookup or for
some configured interval, say 1 hour. That should slow attackers down
substantially.
Joe Abley wrote:
On 9 Aug 2008, at 17:22, Church, Charles wrote:
What would the ip-blocking BGP feed accomplish? Spoofed source
addresses are a staple of the DNS cache poisoning attack.
Worst case scenario, you've opened yourself up to a new avenue of attack
where your nameservers are receiving spoofed packets intended to
trigger a blackhole filter, bloc
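
The TCP-fallback idea from the first paragraph of the message above, sketched as resolver-side bookkeeping. This is an added example, not code from the thread or from any resolver: the class, its method names and the lookup key (server, name, type) are assumptions, and the 3600-second default is the "say 1 hour" figure from the message.

```python
import time

class TcpFallbackPolicy:
    """Hypothetical helper: force TCP for a lookup after a wrong-TXID reply."""

    def __init__(self, hold_seconds=3600, clock=time.monotonic):
        self.hold_seconds = hold_seconds  # how long the lookup stays on TCP
        self.clock = clock                # injectable so the hold can be tested
        self.pending = {}                 # lookup key -> TXID of the UDP query
        self.tcp_until = {}               # lookup key -> time the hold expires

    def transport_for(self, key):
        """Return 'tcp' while a hold is active for this lookup, else 'udp'."""
        expiry = self.tcp_until.get(key)
        if expiry is not None and self.clock() < expiry:
            return "tcp"
        self.tcp_until.pop(key, None)     # hold expired or never set
        return "udp"

    def sent(self, key, txid):
        """Record the TXID of a UDP query that has just been sent."""
        self.pending[key] = txid

    def on_udp_response(self, key, txid):
        """Classify a UDP response as 'accept', 'retry-tcp' or 'drop'."""
        expected = self.pending.get(key)
        if expected is None:
            # Nothing outstanding over UDP: unsolicited, or the lookup has
            # already been moved to TCP after an earlier mismatch.
            return "drop"
        del self.pending[key]
        if txid == expected:
            return "accept"
        # Wrong TXID: abandon the UDP query so that no later datagram can
        # match it, and hold this lookup on TCP for the configured interval.
        self.tcp_until[key] = self.clock() + self.hold_seconds
        return "retry-tcp"
```

Because one mismatched datagram is enough to start a hold, the interval also sets how much extra TCP load the resolver and the authoritative servers take on while it lasts.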