    DNS DDOS Mitigation Update

    I posted on the DNS DDOS attacks here and here.

    I realize I left out one of the prudent steps all organizations should enforce as part of their Network Security Policy:

    • Only allow your internal clients to talk to your own DNS servers. This negates the situation where they are bot'd and used as part of a DNS DDOS.
    • If you have IT support people who may need to do direct DNS queries against other DNS servers on the internet as part of a troubleshooting function, either only allow them explicitly, or set up a test/support machine that allows unfettered DNS queries (but requires explicit access authorization).
    • Audit this policy and exceptions to it on a semi-annual basis.
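    As an added example (not part of the original post), here is a small audit script for the policy above: it reads flow-log records and reports internal hosts that sent DNS to anything other than the internal resolvers, while listing how the authorized support machine exception was used. The address ranges, resolver IPs, support host and the flow lines are constructed sample values.

```python
import ipaddress
from collections import defaultdict

# Constructed sample policy values (assumptions, not from the original post).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]
INTERNAL_RESOLVERS = {"10.0.0.53", "10.0.1.53"}   # the only DNS servers clients may use
SUPPORT_HOSTS = {"10.0.9.10"}                     # explicitly authorized troubleshooting box

# Constructed flow-log lines: "src dst proto dport", one flow per line.
SAMPLE_FLOWS = """\
10.0.4.21 10.0.0.53 udp 53
10.0.4.21 8.8.8.8 udp 53
10.0.9.10 1.1.1.1 udp 53
192.168.3.7 9.9.9.9 tcp 53
10.0.4.22 10.0.1.53 tcp 53
10.0.4.21 203.0.113.5 tcp 443
"""


def is_internal(ip):
    """True if the address falls inside one of the internal client networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def audit_dns_egress(flow_text):
    """Return (violations, exception_use).

    violations:    {src: [external resolver, ...]} for internal hosts that
                   bypassed the internal resolvers (bot'd host or misconfig).
    exception_use: {src: [external resolver, ...]} for authorized support
                   hosts, so the exception itself can be reviewed at audit time.
    """
    violations, exception_use = defaultdict(list), defaultdict(list)
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        src, dst, proto, dport = line.split()
        if dport != "53" or proto not in ("udp", "tcp"):
            continue                       # not DNS traffic
        if not is_internal(src) or dst in INTERNAL_RESOLVERS:
            continue                       # policy-compliant query
        (exception_use if src in SUPPORT_HOSTS else violations)[src].append(dst)
    return dict(violations), dict(exception_use)


if __name__ == "__main__":
    bad, allowed = audit_dns_egress(SAMPLE_FLOWS)
    print("violations:", bad)          # {'10.0.4.21': ['8.8.8.8'], '192.168.3.7': ['9.9.9.9']}
    print("exception use:", allowed)   # {'10.0.9.10': ['1.1.1.1']}
```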

    Also, via DIGG, here is an additional article on DNS DDOS.
