-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear all,
as I believe most of us have encountered some DNS (DNSSEC) amplification attacks, I wonder if any of you had some success of stopping these using a SRX device. My current approach would be to write an IDP signature which detects "ANY" requests on UDP and just throw them away - but this is surely not the most elegant solution. Does anyone have some other ideas or maybe even solutions? I have seen some implementations on the DNS-server side - but as always, if there is some closed source server behind you need to find another way.. Thanks, Tom -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlBS5V4ACgkQrUvjMoak8ZdIKQCfZOGEpltfUajoYWFMYlQPf2sG JmQAn1MOIsbnO3nACqUIRBZDEfDdhisB =sW4V -----END PGP SIGNATURE----- _______________________________________________ juniper-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/juniper-nsp
