DDoS using port 0 and 53 (DNS)
- Subject: DDoS using port 0 and 53 (DNS)
- From: rdobbins at arbor.net (Dobbins, Roland)
- Date: Thu, 26 Jul 2012 04:03:01 +0000
- In-reply-to: <F3318834F1F89D46857972DD4B411D7005385E1412@exchange>
- References: <[email protected]> <F3318834F1F89D46857972DD4B411D7005385E1412@exchange>
On Jul 26, 2012, at 5:13 AM, Drew Weaver wrote:
> Another nice "emerging" tool [I say emerging because it's been around forever but nobody implements it] to deal with this is Flowspec; using flowspec you can instruct your upstream to block traffic with much more granular characteristics.
Flowspec is essentially S/RTBH with layer-4 granularity (it can do some other things, as well). I certainly hope that vendors who've not yet implemented it will do so; it's a great tool, as you say.
Even customer-triggered S/RTBH is very useful, and some ISPs have implemented it for their customers.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Luck is the residue of opportunity and design.
-- John Milton
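
The layer-4 granularity mentioned in the message above, as an added example that is not part of the original post: a flowspec rule encoded in the RFC 5575 NLRI format with a discard action, checked against sample flows. The victim address (documentation range), the choice to match on UDP source ports 53 and 0 (taken from the thread subject), and all function names are assumptions made for illustration.

```python
import ipaddress
import struct

# RFC 5575 numeric operator byte: e | a | len(2 bits) | 0 | lt | gt | eq
END, EQ = 0x80, 0x01
T_DST_PREFIX, T_PROTO, T_SRC_PORT = 1, 3, 6   # component types

def _eq_any(ctype, values):
    """Component meaning 'field == v1 OR field == v2 ...'."""
    out = bytes([ctype])
    for i, v in enumerate(values):
        size = 0 if v < 256 else 1             # value is 1 << size bytes long
        op = EQ | (size << 4) | (END if i == len(values) - 1 else 0)
        out += bytes([op]) + v.to_bytes(1 << size, "big")
    return out

def encode_nlri(dst, proto, src_ports):
    """Flowspec NLRI: destination prefix AND IP protocol AND source port."""
    net = ipaddress.ip_network(dst)
    prefix = net.network_address.packed[: (net.prefixlen + 7) // 8]
    body = bytes([T_DST_PREFIX, net.prefixlen]) + prefix
    body += _eq_any(T_PROTO, [proto]) + _eq_any(T_SRC_PORT, src_ports)
    if len(body) >= 240:
        raise ValueError("two-byte NLRI length form not handled in this example")
    return bytes([len(body)]) + body

def discard_action(asn=0):
    """Traffic-rate extended community (0x8006); a rate of 0.0 means drop."""
    return struct.pack(">HHf", 0x8006, asn, 0.0)

def matches(flow, dst, proto, src_ports):
    """Apply the same three-way match to a flow record."""
    return (ipaddress.ip_address(flow["dst"]) in ipaddress.ip_network(dst)
            and flow["proto"] == proto and flow["sport"] in src_ports)

# Constructed sample data: one victim host, UDP is protocol 17.
RULE = ("192.0.2.10/32", 17, [53, 0])
FLOWS = [
    {"dst": "192.0.2.10", "proto": 17, "sport": 53, "dport": 33000},  # DNS replies
    {"dst": "192.0.2.10", "proto": 17, "sport": 0, "dport": 0},       # port 0
    {"dst": "192.0.2.10", "proto": 6, "sport": 51512, "dport": 443},  # HTTPS client
]

def dropped():
    """Per-flow verdict under RULE; an address-only blackhole would drop all three."""
    return [matches(f, *RULE) for f in FLOWS]

if __name__ == "__main__":
    print(encode_nlri(*RULE).hex(), discard_action().hex(), dropped())
```

The third flow survives the rule, which is the distinction an address-only blackhole cannot make.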