[afnog] ICMP/DNS tunneling mitigation

Stephane Bortzmeyer bortzmeyer at nic.fr
Tue Dec 20 09:39:14 UTC 2011

On Fri, Dec 16, 2011 at 12:15:32PM -0800,
 SM <sm at resistor.net> wrote 
 a message of 15 lines which said:

> You could block all off-net traffic from non-authenticated clients.

Won't work (think about how DNS works).

More information about the afnog mailing list