> Check also ICMP "packet too big" coming in with ridiculous sizes, they > might be the sign that someone is trying the Shulman attack.
JFTR It's one ICMP packet per the fragmentation cache timeout and the unique destination IP. I wish we had found out some way to enforce BCP38 before spoofing became a problem:( O. _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
