On Mon, 18 Aug 2008, Joe Baptista wrote:
No. I was thinking more of a smart porcupine with attitude. At least use the IDS to notify the system administrator an attack is in progress. I've attached a document that uses snort to log the event. That could be used to notify the system administrator.

But the vision I have is of an integrated DNS - IDS - Firewall solution with an appropriate rules base for known attack vectors.
Okay. So now an attack is going on, and your pager told you. What are you going to do?
1) nothing
2) clean the cache every 5 minutes hoping the race won't do damage in between cleanups
3) drop all incoming DNS packets for the spoofed domain, effectively DOS'ing the domain under attack
4) enable DNSSEC to deal with the situation
Paul
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
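The "IDS notifies the administrator" step that Joe describes, written out as an added Python example; this is not code from the thread, from snort, or from any DNS implementation. It assumes a sensor that can see both the resolver's outstanding queries (name, transaction ID, source port) and the responses arriving for them, and it uses constructed traffic: a burst of responses for one name whose transaction ID and destination port match nothing the resolver sent, which is the signature of a poisoning race, beside one legitimate answer that matches its query. The window and threshold are arbitrary assumptions.

```python
"""Toy cache-poisoning race detector (added example; not from the DNSOP thread)."""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Outstanding:
    """A query the resolver has sent and not yet received an answer for."""
    qname: str
    txid: int       # transaction ID the resolver chose
    src_port: int   # UDP source port the resolver used


@dataclass(frozen=True)
class DnsResponse:
    """A response seen on the wire, addressed to the resolver."""
    ts: float       # arrival time in seconds
    src_ip: str
    qname: str
    txid: int       # transaction ID carried in the response
    dst_port: int   # UDP port the response was sent to


class PoisonDetector:
    """Alert when many responses for one name fail to match any outstanding query.

    A legitimate answer matches the pending query's TXID and port. A flood of
    responses that match neither is an attacker guessing, i.e. the race the
    thread talks about. Window and threshold are assumed values, not tuned ones.
    """

    def __init__(self, window=5.0, threshold=20):
        self.window = window
        self.threshold = threshold
        self.pending = {}                      # qname -> Outstanding
        self.mismatches = defaultdict(deque)   # qname -> arrival times of unmatched responses
        self.alerts = []

    def register_query(self, q: Outstanding) -> None:
        self.pending[q.qname] = q

    def observe(self, r: DnsResponse):
        """Return an alert string if this response pushes a name over the threshold."""
        q = self.pending.get(r.qname)
        if q is not None and q.txid == r.txid and q.src_port == r.dst_port:
            del self.pending[r.qname]          # genuine answer: query is resolved
            return None
        times = self.mismatches[r.qname]
        times.append(r.ts)
        while times and r.ts - times[0] > self.window:
            times.popleft()                    # forget responses outside the window
        if len(times) >= self.threshold:
            alert = (f"{r.qname}: {len(times)} unmatched responses within "
                     f"{self.window}s (last from {r.src_ip})")
            self.alerts.append(alert)
            times.clear()                      # one alert per burst, not per packet
            return alert
        return None


def run_demo() -> PoisonDetector:
    """Feed constructed traffic through the detector and return it for inspection."""
    det = PoisonDetector(window=5.0, threshold=20)
    # Constructed: resolver asks for www.example.com with TXID 0x1234 from port 40001.
    det.register_query(Outstanding("www.example.com", 0x1234, 40001))
    # Constructed: 25 forged responses in two seconds, guessing TXIDs 1000..1024
    # and aimed at port 53; none matches the outstanding query.
    for i in range(25):
        det.observe(DnsResponse(ts=100.0 + i * 0.08, src_ip="203.0.113.9",
                                qname="www.example.com", txid=1000 + i, dst_port=53))
    # Constructed: a legitimate answer for another name that matches its query.
    det.register_query(Outstanding("good.test", 7, 40002))
    det.observe(DnsResponse(ts=103.0, src_ip="198.51.100.5",
                            qname="good.test", txid=7, dst_port=40002))
    return det


if __name__ == "__main__":
    for line in run_demo().alerts:
        print("ALERT", line)
```

The detector only does what Joe asks for: it tells someone. It says nothing about what to do next, which is exactly Paul's point; the resolver is still waiting on the real answer for the name under attack, and the alert does not change who wins the race. Validation of the answers themselves (option 4 in Paul's list) is the only item that removes the race rather than reporting it.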