On Jun 3, 2014, at 3:45 AM, Damian Menscher <[email protected]> wrote:
> My preferred approach is to identify and remediate networks that permit > source-address spoofing in violation of BCP38, as there are far fewer > choke-points, and incremental progress makes the attacker's job progressively > more difficult (as they have to find connectivity among a dwindling set of > irresponsible providers). This approach also also has the advantage of making it more difficult for attackers to launch other types of reflection/amplification attacks, so it's a far bigger improvement. ---------------------------------------------------------------------- Roland Dobbins <[email protected]> // <http://www.arbornetworks.com> Equo ne credite, Teucri. -- Laocoön _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
