If I'm not mistaken, this year's migration to DNS servers supporting randomized source UDP ports (based on the Kaminsky thing) may throw a wrench into some notions of filtering UDP traffic across their network. I know we had issues with it.
David

2009/9/30 Stefan Fouant <sfou...@gmail.com>:
> On Wed, Sep 30, 2009 at 5:09 AM, Masood Shah <masoods...@juniper.net> wrote:
>
>> If you are REALLY paranoid, you can DROP all UDP traffic and then only open
>> the ports that you have services running on. Sometimes this is easier said
>> than done though.
>>
>
> I wouldn't call this paranoia. I would call this "good security posture".
>
> --
> Stefan Fouant
> _______________________________________________
> juniper-nsp mailing list
> juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
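As an added illustration (not configuration from anyone in this thread), here is a Junos stateless firewall filter in the spirit of Masood's suggestion: UDP is dropped by default and only the ports with real services are opened, plus the one term David's remark implies you need once your resolver randomizes its source port. All addresses, the filter and term names, and the counter name are assumptions.

```junos
/* Added example, not from the thread. Addresses and names are placeholders. */
firewall {
    family inet {
        filter UDP-ALLOWLIST {
            /* Services actually running here: only these UDP destination ports are open. */
            term allow-ntp {
                from {
                    protocol udp;
                    destination-port ntp;
                }
                then accept;
            }
            term allow-snmp-from-nms {
                from {
                    source-address {
                        192.0.2.10/32;    /* assumed management station */
                    }
                    protocol udp;
                    destination-port snmp;
                }
                then accept;
            }
            /* DNS replies to a resolver with randomized source ports (post-Kaminsky):
               the reply's destination port can land anywhere in the ephemeral range,
               so a stateless filter must open that whole range toward the resolver,
               pinned to the upstream server address and source port 53. */
            term allow-dns-replies-to-resolver {
                from {
                    source-address {
                        198.51.100.53/32; /* assumed upstream DNS server */
                    }
                    destination-address {
                        192.0.2.53/32;    /* assumed local recursive resolver */
                    }
                    protocol udp;
                    source-port 53;
                    destination-port 1024-65535;
                }
                then accept;
            }
            /* Every other UDP datagram is discarded and counted so the drops stay visible. */
            term drop-other-udp {
                from {
                    protocol udp;
                }
                then {
                    count udp-dropped;
                    discard;
                }
            }
            /* Non-UDP traffic is out of scope for this example and passes through. */
            term allow-rest {
                then accept;
            }
        }
    }
}
```

Apply it with `set interfaces ge-0/0/0 unit 0 family inet filter input UDP-ALLOWLIST` (interface name assumed) and watch the counter with `show firewall filter UDP-ALLOWLIST`. The DNS term is the price of source-port randomization on a stateless box: it matches on source address and source port 53 only, both of which are spoofable, so where a stateful firewall (an SRX security policy, for instance) sits in front of the resolver it is the better place to admit replies, because it only accepts a reply to a query it actually saw.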