Mitigating DNS amplification attacks
Dobbins, Roland
rdobbins at arbor.net
Wed May 1 00:45:25 UTC 2013
On May 1, 2013, at 7:42 AM, Thomas St-Pierre wrote:
> As for BCP38, I would love to stop the spoofed packets, however with them coming from our upstreams, (Level3, Cogent, Tata, etc) I don't see how we can.
Contact them on a case-by-case basis to report the spoofed traffic used to stimulate the servers into responding, including the layer-4 classification criteria, traffic rates, and timestamps available via flow telemetry.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Luck is the residue of opportunity and design.
-- John Milton
More information about the NANOG
mailing list