On 31/01/13 11:47, James Davis wrote:
We've been seeing an increasing number of reflected and amplified DNS attacks
over the last year, some more sophisticated than what you've described.
If the systems behind that port don't need to receive DNS traffic from
everywhere then I suggest blocking the DNS responses as far as is possible. You
can frequently get away with blocking just the handful of nameservers involved
but if the attackers have some clue they'll be cycling them often and including
authoritative servers for popular services.
Regards,
James
_______
Actually started to notice these more regularly in $dayjob too. DNS
responses to our entire address space, even the parts that are dark at
this time.
David.
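Both messages describe DNS responses arriving at addresses that never asked for them. The following is an added example, not part of either post: it matches each inbound port-53 response against an outstanding query and reports the unmatched ones by source and by target. The local prefix, the timeout and the records are constructed assumptions using documentation address ranges.

```python
import ipaddress
from collections import Counter

LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")  # assumed local prefix
QUERY_TTL = 5.0  # assumed seconds a query may wait for its answer

# Constructed records: (time, src_ip, src_port, dst_ip, dst_port, dns_id, is_response)
RECORDS = [
    (0.0, "192.0.2.10", 40001, "198.51.100.53", 53, 0x1A2B, False),  # our query
    (0.1, "198.51.100.53", 53, "192.0.2.10", 40001, 0x1A2B, True),   # its answer
    (0.2, "203.0.113.7", 53, "192.0.2.200", 33000, 0x9999, True),    # no query sent
    (0.3, "203.0.113.7", 53, "192.0.2.201", 33000, 0x9999, True),    # no query sent
    (0.4, "203.0.113.9", 53, "192.0.2.10", 40001, 0x1A2B, True),     # wrong server
]

def find_unsolicited(records, local_net=LOCAL_NET, ttl=QUERY_TTL):
    """Return (time, src, dst) for inbound port-53 responses with no matching query."""
    pending = {}      # (client_ip, client_port, server_ip, dns_id) -> query time
    unsolicited = []
    for t, src, sport, dst, dport, qid, is_resp in sorted(records, key=lambda r: r[0]):
        if not is_resp:
            # Remember outbound queries from local hosts only.
            if dport == 53 and ipaddress.ip_address(src) in local_net:
                pending[(src, sport, dst, qid)] = t
            continue
        if sport != 53 or ipaddress.ip_address(dst) not in local_net:
            continue
        # A response is solicited only if the same 4-tuple and ID is outstanding.
        asked = pending.pop((dst, dport, src, qid), None)
        if asked is None or t - asked > ttl:
            unsolicited.append((t, src, dst))
    return unsolicited

def summarize(records):
    """Rank responding servers and list targets that never sent any query."""
    hits = find_unsolicited(records)
    queriers = {r[1] for r in records if not r[6]}
    reflectors = Counter(src for _, src, _ in hits).most_common()
    quiet_targets = sorted({dst for _, _, dst in hits if dst not in queriers})
    return reflectors, quiet_targets

if __name__ == "__main__":
    reflectors, quiet_targets = summarize(RECORDS)
    print("unsolicited responses by source:", reflectors)
    print("targets that never queried:", quiet_targets)
```

Targets that never sent a query in the capture are only candidates for dark space; confirm them against the address plan before treating them as unused.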