Open Resolver Problems
Dobbins, Roland
rdobbins at arbor.net
Mon Apr 1 16:50:30 UTC 2013
On Apr 1, 2013, at 11:18 PM, Patrick W. Gilmore wrote:
> Of course, since users shouldn't be using off-net name servers anyway, this isn't really a problem! :)
;>
It's easy enough to construct ACLs to restrict the broadband consumer access networks from doing so. Additional egress filtering would catch any reflected attacks, per your previous comments.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Luck is the residue of opportunity and design.
-- John Milton
More information about the NANOG
mailing list