I respectfully disagree. Network engineers have to keep up with many tasks and preventing DoS/DDoS should be the responsibility of everyone. I see more folks worried about spam than they are actual security.
My two cents. -- Jeffrey Lyon, Leadership Team jeffrey.l...@blacklotus.net | http://www.blacklotus.net Black Lotus Communications of The IRC Company, Inc. Look for us at HostingCon 2009 in Washington, DC on August 10th - 12th at Booth #401. On Fri, Jan 23, 2009 at 9:05 PM, Seth Mattinen <se...@rollernet.us> wrote: > Noel Butler wrote: >> >> On Sat, 2009-01-24 at 07:21, Chris McDonald wrote: >> >>> We [AS3491] null0'd the IP earlier. Rest-of-world encouraged to do the >>> same :/ >>> >> >> >> >> Wrong approach, they are *innocent* in this as are the new targets. >> >> insert into your favourite acl: >> deny udp host 66.230.160.1 neq 53 any eq 53 >> deny udp host 66.230.128.15 neq 53 any eq 53 >> >> But it's much less work to add a filter on the name server as others >> have mentioned. >> >> > > > Having the world trying to keep up with ACL entries seems futile. Is there > really nothing to be done about this? (Yes, I know, BCP38, but obviously the > accomplice providers don't care.) > > ~Seth > >