[c-nsp] DNS amplification
Gert Doering
gert at greenie.muc.de
Sun Mar 17 06:38:37 EDT 2013
Hi,
On Sat, Mar 16, 2013 at 03:59:25PM -0700, Laurent Geyer wrote:
> Curious, how does uRPF help under this scenario? Although the source address is spoofed, the target is still a valid destination address.
uRPF helps everybody else - those of your customers with infected machines
(and don't claim there aren't any) will not be able to initiate reflection
attacks against other folks.
gert,
deploying uRPF since 10+ years "it's really not that hard"
(PS: and yes, the fact that Sup720 can't do IPv6 uRPF in hardware stinks)
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
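Added example, not part of the original message: a small Python model of the uRPF source check on a customer-facing interface, showing why a packet carrying a spoofed (victim) source address is dropped at the access router before it can reach any reflector. The FIB, interface names and addresses are constructed (documentation prefixes), and treating loose mode as ignoring the default route is a modelling assumption.

```python
import ipaddress

# Constructed FIB of an access router: (prefix, interface the route points to).
FIB = [
    ("198.51.100.0/24", "cust-A"),   # block assigned to customer A
    ("203.0.113.0/24", "cust-B"),    # block assigned to customer B
    ("0.0.0.0/0", "upstream"),       # default route towards the Internet
]

def urpf_permit(fib, src, in_if, mode="strict"):
    """Return True if a packet with source `src` arriving on `in_if` passes uRPF.

    strict: the best (longest-prefix) route back to the source must point
            out of the interface the packet arrived on.
    loose:  some non-default route to the source must exist (assumption:
            the default route does not satisfy the check).
    """
    ip = ipaddress.ip_address(src)
    matches = []
    for prefix, ifname in fib:
        net = ipaddress.ip_network(prefix)
        if ip in net:
            matches.append((net, ifname))
    if mode == "loose":
        return any(net.prefixlen > 0 for net, _ in matches)
    if not matches:
        return False
    best_net, best_if = max(matches, key=lambda m: m[0].prefixlen)
    return best_if == in_if

# Constructed packets seen on customer A's port: (ingress interface, source address).
PACKETS = [
    ("cust-A", "198.51.100.10"),  # customer's own address
    ("cust-A", "192.0.2.53"),     # spoofed: address of a third-party victim
    ("cust-A", "203.0.113.7"),    # spoofed: address from customer B's block
]

def verdicts(packets, mode):
    """Apply the check to each packet; True = forwarded, False = dropped."""
    return [urpf_permit(FIB, src, in_if, mode) for in_if, src in packets]

if __name__ == "__main__":
    for mode in ("strict", "loose"):
        for (in_if, src), ok in zip(PACKETS, verdicts(PACKETS, mode)):
            print(f"{mode:6} {in_if:7} src={src:15} {'permit' if ok else 'drop'}")
```

In this model strict mode on the customer port drops both spoofed packets, while loose mode only catches the source that has no specific route.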