On 2020/4/2 12:25 下午, Mark Andrews wrote:
You use all the mechanisms available to you.
Traceback. Getting BCP38 installed at the sites emitting spoofed traffic help
yourself and everyone else. In many cases this is coming from compromised
machines.
You enable/tune response rate filtering.
You use DNS COOKIES and encourage your clients to use DNS COOKIES. This helps
sort the wheat from the chaff.
You talk to you local politicians about mandating BCP38 deployment in your
country. BCP 38 is 20 years old next month so there is unless one is actually
operating 20 year equipment there is no excuse for not having deployed BCP38 in
you network. This needs to see directors of ISPs sitting in gaol for not
deploying BCP 38.
Thanks. I never knew BCP38 before. I will try to study it.
regards.
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
