I recently went through a Cisco security course and learned about the ASA's 'DNS Rewrite' function, which seems like a handy tool internally. I'm curious if there's ever been an effort to re-work that function outward; it seems like the ability to rewrite DNS against certain DDoS attacks (like re-writing the IP to 127.0.0.1 when replying to the attacker, for example) could be a good tool in the arsenal against attacks. Has anyone attempted to use something like DNS re-write in this manner, and if so, what were the results?
Network Engineer, JNCIS-M
214-981-1954 (office)
214-642-4075 (cell)
jbrash...@hq.speakeasy.net
http://www.speakeasy.net
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/