A DoS attack based on flooding the target with v4 DNS lookups requesting v6 AAAA host records from random spoofed address space. You can't filter based on port or you kill DNS. Adding rules in to block the spoofed IPs would be just unfeasible. What do you do? The best I could come up with was to get your upstream on the horn and have them trace it back, then contact the network they trace it to, etc., etc. I really don't know any other way to go about it. Even if you could write something to filter on payload, your performance would probably hit the floor. Any ideas?
Chris "So you're a PhD, just don't touch anything."
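An added example, not part of the original post: what reading the payload involves for the flood described above, as an offline triage script over captured UDP/53 payloads. It parses the DNS question section, counts AAAA queries, and counts sources seen only once, which is what randomly spoofed addresses look like. The function names, addresses and sample packets are constructed for illustration.

```python
import struct
from collections import Counter

QTYPE_A, QTYPE_AAAA = 1, 28

def build_query(txid, name, qtype):
    """Build a minimal DNS query (used only to construct sample data)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_qtype(payload):
    """Return QTYPE of the first question, or None if not a well-formed query."""
    if len(payload) < 12:                      # shorter than a DNS header
        return None
    _, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & 0x8000 or qdcount < 1:          # QR bit set means a response
        return None
    i = 12
    while i < len(payload):                    # walk the length-prefixed labels
        n = payload[i]
        if n == 0:
            break
        if n & 0xC0:                           # compression pointer: not expected here
            return None
        i += 1 + n
    else:
        return None                            # name ran off the end of the packet
    if i + 5 > len(payload):                   # need QTYPE and QCLASS after the name
        return None
    return struct.unpack("!H", payload[i + 1:i + 3])[0]

def summarize(packets):
    """packets: iterable of (source_ip, udp_payload) pairs seen on port 53."""
    packets = list(packets)
    per_src = Counter(src for src, p in packets if parse_qtype(p) == QTYPE_AAAA)
    aaaa = sum(per_src.values())
    return {"total": len(packets), "aaaa": aaaa,
            "aaaa_share": aaaa / len(packets) if packets else 0.0,
            "distinct_aaaa_sources": len(per_src),
            "one_shot_sources": sum(1 for c in per_src.values() if c == 1)}

# Constructed sample: 20 AAAA queries from 20 different sources, 3 A queries
# from one resolver, and one truncated packet (documentation address ranges).
SAMPLE = ([(f"198.51.100.{i}", build_query(i, "www.example.com", QTYPE_AAAA))
           for i in range(1, 21)]
          + [("192.0.2.53", build_query(100 + i, "example.org", QTYPE_A)) for i in range(3)]
          + [("203.0.113.9", b"\x00\x01")])

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A high AAAA share combined with nearly every source appearing exactly once is the pattern to hand to the upstream when asking for a trace.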
