
4 Nov 2010, 12:21 p.m.
On Nov 5, 2010, at 7:31 AM, Timothy Goddard wrote:
> Packets coming in to your network from outside with the source specifying an internal IP (like 192.168.0.0/16, 10.0.0.0/8, etc) should be dropped.
Concur - that's BCP38/BCP84.
> If I read correctly, such a firewall would have stopped that particular DNS server from being used for amplification.
Firewalls are contraindicated; stateless ACLs are much better. ;>

-----------------------------------------------------------------------
Roland Dobbins <rdobbins(a)arbor.net> // <http://www.arbornetworks.com>

Sell your computer and buy a guitar.
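
The anti-spoofing rule discussed in this message, modelled as a first-match stateless ACL. This is an added example, not part of the original thread or any vendor's configuration. The interface names `wan0` and `lan0`, the sample packets, and the inclusion of 172.16.0.0/12 alongside the two prefixes named above are assumptions.

```python
import ipaddress
from typing import NamedTuple

# Assumption: the site uses RFC 1918 space internally. The thread names two of
# these prefixes; 172.16.0.0/12 is added here to complete the set.
INTERNAL_PREFIXES = [ipaddress.ip_network(p) for p in
                     ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

class Packet(NamedTuple):
    in_iface: str   # interface the packet arrived on
    src: str
    dst: str
    proto: str
    dport: int

class Rule(NamedTuple):
    action: str     # "permit" or "deny"
    in_iface: str   # "any" matches every interface
    src_nets: list  # empty list matches any source

# Hypothetical interface name "wan0" for the outside-facing port.
ACL = [
    Rule("deny", "wan0", INTERNAL_PREFIXES),  # internal source arriving from outside
    Rule("permit", "any", []),                # everything else is permitted
]

def evaluate(acl, pkt):
    """First-match, per-packet decision. No connection table is consulted."""
    src = ipaddress.ip_address(pkt.src)
    for rule in acl:
        if rule.in_iface not in ("any", pkt.in_iface):
            continue
        if rule.src_nets and not any(src in net for net in rule.src_nets):
            continue
        return rule.action
    return "deny"  # implicit deny when no rule matches

# Constructed sample packets (private and documentation addresses only).
SAMPLES = [
    Packet("wan0", "192.168.0.53", "192.168.0.10", "udp", 53),  # spoofed internal source
    Packet("wan0", "198.51.100.7", "192.168.0.10", "udp", 53),  # genuine outside source
    Packet("lan0", "192.168.0.53", "192.168.0.10", "udp", 53),  # real internal host
    Packet("wan0", "10.1.2.3", "192.168.0.10", "udp", 53),      # spoofed, other prefix
]

def decisions():
    return [evaluate(ACL, p) for p in SAMPLES]

if __name__ == "__main__":
    for p, d in zip(SAMPLES, decisions()):
        print(f"{d:6} {p.in_iface} {p.src} -> {p.dst} {p.proto}/{p.dport}")
```

Each decision depends only on the arrival interface and source address of the packet in hand, so the filter holds no per-flow state.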