Reply to post: Re: flees indeed

Bezos DDoS'd: Amazon Web Services' DNS systems knackered by hours-long cyber-attack

P. Lee

Re: flees indeed

Switching to TCP would fix the spoofing issue. Amplification is still an issue but at least we'd get some real IP addresses out of it to track down the botnets, making every attacking host reveal itself.

DNSSEC would be nice, but that fixes a different problem and I think I prefer DNS over TCP - or rather TLS, which is an easier thing to do.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon