[148545] in North American Network Operators' Group


Re: DNS Attacks

daemon@ATHENA.MIT.EDU (Dobbins, Roland)
Wed Jan 18 03:06:40 2012

From: "Dobbins, Roland" <rdobbins@arbor.net>
To: NANOG Group <nanog@nanog.org>
Date: Wed, 18 Jan 2012 08:05:36 +0000
In-Reply-To: <2996806E-AFD9-442A-948B-82118461845E@ukbroadband.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Jan 18, 2012, at 2:45 AM, Leigh Porter wrote:

> The firewall is significant because the attacks killed the firewall as it is rather under specified (not my idea..).


DNS servers (nor any other kind of server, for that matter) should never be placed behind stateful firewalls - the largest firewall one can build or buy will choke under even moderate DDoS attacks due to state-table exhaustion:

<https://files.me.com/roland.dobbins/679xji>

-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>

		The basis of optimism is sheer terror.

			  -- Oscar Wilde
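
Added example (not part of the original message): a minimal Python model of the state-table exhaustion described above, with a stateful firewall in front of a DNS server. The table size, idle timeout and packet rates are constructed assumptions, not figures from the thread or from any particular firewall.

```python
from collections import deque

def simulate(capacity, timeout_s, legit_pps, attack_pps, duration_s):
    """Model a fixed-size firewall state table in 1-second ticks.

    Every new DNS query (one UDP flow) needs one entry that lives for
    timeout_s seconds. When the table is full, new flows are dropped
    regardless of who sent them. legit_pps must be > 0.
    Returns (legit_pass_ratio, peak_entries).
    """
    buckets = deque()          # (expiry_tick, entries_created) per tick
    occupancy = peak = 0
    legit_ok = legit_total = 0
    for t in range(duration_s):
        # Expire entries whose idle timeout has elapsed.
        while buckets and buckets[0][0] <= t:
            occupancy -= buckets.popleft()[1]
        offered = legit_pps + attack_pps
        admitted = min(offered, capacity - occupancy)
        # The firewall cannot tell spoofed from real queries, so legitimate
        # flows get only their proportional share of the free entries.
        legit_ok += admitted * legit_pps // offered
        legit_total += legit_pps
        buckets.append((t + timeout_s, admitted))
        occupancy += admitted
        peak = max(peak, occupancy)
    return legit_ok / legit_total, peak

# Constructed numbers, for illustration only.
CAPACITY = 1_000_000   # state-table entries
TIMEOUT = 30           # UDP idle timeout, seconds
LEGIT = 5_000          # legitimate queries/s, each a new flow

if __name__ == "__main__":
    for attack in (0, 200_000):
        ratio, peak = simulate(CAPACITY, TIMEOUT, LEGIT, attack, 120)
        print(f"attack={attack:>7} pps  peak={peak:>9}  legit passed={ratio:.1%}")
```

Without attack traffic the table settles at rate × timeout entries (150,000 here); with the constructed flood it is full within five seconds and most legitimate queries are dropped while entries wait to time out.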



