nanog mailing list archives
Re: Great Suggestion for the DNS problem...?
From: Florian Weimer <fw () deneb enyo de>
Date: Tue, 29 Jul 2008 09:54:25 +0200
* Paul Vixie:
> Listen on 200 random fake ports (in addition to the true query ports);
> at first glance, this is brilliant, though with some unimportant nits.

It doesn't work OOTB for most users because the spoofed packets never reach the name server process if you don't use the ports to send packets to the authoritative server which is spoofed--the wonders of stateful firewalling.