nanog mailing list archives
Re: DOS attack against DNS?
From: Joel Jaeggli <joelja () darkwing uoregon edu>
Date: Mon, 16 Jan 2006 09:52:13 -0800 (PST)
On Mon, 16 Jan 2006, Paul Vixie wrote:
Mark_Andrews () isc org (Mark Andrews) writes:For repeat offenders create a list of networks that won't implement BCP 38 and collectively de-peer with them telling them why you are de-peering and what is required to re-establish connectivity. It is in everyones interests to do the right thing here.people inside one of the largest networks have told me that they have customers who require the ability to bypass BCP38 restrictions, and that they will therefore never be fully BCP38 compliant. i've asked for BCP38 to become the default on all their other present and future customers but then there was whining about bankruptcy, old outdated equipment, and so on. sadly, there's no way to de-peer this network, or any other multinational, and so there will be no "peer pressure" on them to implement BCP38.
Consider people in the rest of the world who may purchase simplex satellite links. By definition they inject traffic in places they aren't announcing their route from.
so, it's either not in everyone's interests to do the right thing, or there is still a huge variance in what's considered "the right thing". either way, we're (the internet is) SCREWED until we (that's "we all") fix this. (if you're not seeing spoofed-source attacks, bully for you! i didn't see one today, either, but leaving this tool in the bad-guy toolbox makes us all unsafe, no matter how much or how little they may be using it this day/year.)
-- -------------------------------------------------------------------------- Joel Jaeggli Unix Consulting joelja () darkwing uoregon edu GPG Key Fingerprint: 5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2
Current thread:
- DOS attack against DNS? Roy (Jan 14)
- Re: DOS attack against DNS? Mark Andrews (Jan 14)
- Re: DOS attack against DNS? Jeroen Massar (Jan 15)
- Re: DOS attack against DNS? Mark Andrews (Jan 15)
- Re: DOS attack against DNS? Paul Vixie (Jan 16)
- Re: DOS attack against DNS? Joel Jaeggli (Jan 16)
- Re: DOS attack against DNS? Paul Vixie (Jan 16)
- Re: DOS attack against DNS? Daniel Senie (Jan 16)
- Re: DOS attack against DNS? Mark Andrews (Jan 16)
- Re: DOS attack against DNS? Jeroen Massar (Jan 15)
- Re: DOS attack against DNS? Mark Andrews (Jan 14)
- Re: DOS attack against DNS? bmanning (Jan 15)
- Re: DOS attack against DNS? Paul Vixie (Jan 15)
- Re: DOS attack against DNS? Mark Andrews (Jan 15)
- Re: DOS attack against DNS? william(at)elan.net (Jan 16)
- Re: DOS attack against DNS? Alon Tirosh (Jan 16)