4 Nov
2010
7:21 a.m.
On Nov 5, 2010, at 7:31 AM, Timothy Goddard wrote:
> Packets coming in to your network from outside with the source specifying an internal IP (like 192.168.0.0/16, 10.0.0.0/8, etc) should be dropped.
Concur - that's BCP38/BCP84.
> If I read correctly, such a firewall would have stopped that particular DNS server from being used for amplification.
Firewalls are contraindicated; stateless ACLs are much better.
;>
-----------------------------------------------------------------------
Roland Dobbins
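
The filtering rule discussed in this thread, sketched as an added example that is not part of either poster's message: a stateless check that decides each packet from its ingress interface and source address alone, with no connection table. It goes one step beyond the thread by also checking the inside interface. The interface names, the 172.16.0.0/12 and 203.0.113.0/24 prefixes, and the sample packets are assumptions made for illustration.

```python
import ipaddress

# Assumed site layout (hypothetical names): wan0 faces outside, lan0 faces inside.
EXTERNAL_IF = "wan0"
INTERNAL_IF = "lan0"

# Prefixes in use inside the network: the two ranges named in the thread, the
# remaining RFC 1918 block, and a documentation prefix standing in for the
# site's own public address space (assumption).
INTERNAL_PREFIXES = [ipaddress.ip_network(p) for p in (
    "192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12", "203.0.113.0/24")]


def is_internal(addr):
    """True when addr falls inside one of the site's own prefixes."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_PREFIXES)


def acl_decision(in_interface, src):
    """Stateless verdict: only the ingress interface and source are consulted."""
    if in_interface == EXTERNAL_IF and is_internal(src):
        return "drop"    # arrived from outside but claims an inside source
    if in_interface == INTERNAL_IF and not is_internal(src):
        return "drop"    # inside host sending with a source the site does not own
    return "permit"


# Constructed sample packets: (ingress interface, source, destination, note)
SAMPLE_PACKETS = [
    ("wan0", "192.168.0.53", "203.0.113.10", "DNS query, forged inside source"),
    ("wan0", "198.51.100.7", "203.0.113.10", "DNS query, genuine outside source"),
    ("lan0", "10.1.2.3", "198.51.100.7", "inside client, own address"),
    ("lan0", "198.51.100.99", "192.0.2.1", "inside host, forged outside source"),
]


def evaluate(packets):
    """Return the verdict for each packet, in order."""
    return [acl_decision(iface, src) for iface, src, _dst, _note in packets]


if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE_PACKETS, evaluate(SAMPLE_PACKETS)):
        print(f"{verdict:6} {pkt[0]} {pkt[1]:>15} -> {pkt[2]:<15} {pkt[3]}")
```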