[AusNOG] "stateless TCP" for DNS

Dobbins, Roland rdobbins at arbor.net
Mon Nov 15 12:51:12 EST 2010


On Nov 14, 2010, at 11:12 PM, Terry Manderson wrote:

> The next thought I have, is along the lines of the good old SYN flood attack.. or other security facets... :-)


There are well-known, widely-understood techniques for detecting/classifying/tracing back/mitigating these, however; they're a threat to DNS today, so that wouldn't change.

What *would* change, hopefully, is getting rid of the attack vectors DNSSEC a) is subject to and b) enables.

;>

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

 	       Sell your computer and buy a guitar.







More information about the AusNOG mailing list