What would the IP-blocking BGP feed accomplish? Spoofed source
addresses are a staple of the DNS cache poisoning attack.
Worst case scenario, you've opened yourself up to a new avenue of
attack where your nameservers are receiving spoofed packets intended
to trigger a blackhole filter, blocking communication between your
network and the legitimate owner of the forged IP address.
Yes, but what about blocking the addresses of recursive resolvers that
are not yet patched?
That would certainly stop them from being poisoned, and incent their
owners to patch...
1/2 :-)
Brian
Michael Smith wrote:
Still off topic, but perhaps a BGP feed from Cymru or similar to
block IP addresses on the list?
Regards,
Mike