[c-nsp] DNS rewrite & global capabilities
Jonathan Brashear
Jonathan.Brashear at hq.speakeasy.net
Mon Jun 29 09:33:02 EDT 2009
I recently went through a Cisco security course and learned about the ASA's 'DNS Rewrite' function which seems like a handy tool internally. I'm curious if there's ever been an effort to re-work that function outward; it seems like the ability to rewrite DNS against certain DDoS attacks(like, re-writing the IP to 127.0.0.1 when replying to the attacker for example) could be a good tool in the arsenal against attacks. Has anyone attempted to use something like DNS re-write in this manner, and if so what were the results?
Network Engineer, JNCIS-M
> 214-981-1954 (office)
> 214-642-4075 (cell)
> jbrashear at hq.speakeasy.net
http://www.speakeasy.net
More information about the cisco-nsp
mailing list