On 9/4/2013 7:57 AM, Ondřej Surý wrote:
Check also ICMP "packet too big" coming in with ridiculous sizes, they
might be the sign that someone is trying the Shulman attack.
JFTR It's one ICMP packet per the fragmentation cache timeout and the unique
destination IP.
I wish we had found out some way to enforce BCP38 before spoofing became a
problem:(
Believe me, no one wishes that more than do I. :-/
- ferg
--
Paul Ferguson
Vice President, Threat Intelligence
Internet Identity, Tacoma, Washington USA
IID --> "Connect and Collaborate" --> www.internetidentity.com
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
