nanog mailing list archives
Re: Open Resolver Problems
From: Jon Lewis <jlewis () lewis org>
Date: Tue, 26 Mar 2013 22:25:32 -0400 (EDT)
On Tue, 26 Mar 2013, Matthew Petach wrote:
The concern Valdis raised about securing recursives while still being able to issue static nameserver IPs to mobile devices is an orthogonal problem to Owen putting rate limiters on the authoritative servers for he.net. If we're all lighting up pitchforks and raising torches, I'd kinda like to know at which castle we're going to go throw pitchforks.
BCP38. As you can see from the wandering conversation, there are many attack vectors that hinge on the ability to spoof the source address, and thereby misdirect responses to your DDoS target. BCP38 filtering stops them all. Or, we can ignore BCP38 for several more years, go on a couple years crusade against open recursive resolvers, then against non-rate-limited authoratative servers, default public RO SNMP communities, etc.
---------------------------------------------------------------------- Jon Lewis, MCP :) | I route | therefore you are _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
Current thread:
- Re: Open Resolver Problems, (continued)
- Re: Open Resolver Problems Jared Mauch (Mar 27)
- Re: Open Resolver Problems Chris Adams (Mar 26)
- Re: Open Resolver Problems Owen DeLong (Mar 26)
- Re: Open Resolver Problems Doug Barton (Mar 26)
- Re: Open Resolver Problems Owen DeLong (Mar 26)
- Re: Open Resolver Problems joel jaeggli (Mar 26)
- Re: Open Resolver Problems John Levine (Mar 26)
- Re: Open Resolver Problems Matthew Petach (Mar 26)
- Re: Open Resolver Problems Tom Paseka (Mar 26)
- Re: Open Resolver Problems Matthew Petach (Mar 26)
- Re: Open Resolver Problems Jon Lewis (Mar 26)
- Re: Open Resolver Problems Paul Ferguson (Mar 26)
- Re: Open Resolver Problems Alain Hebert (Mar 27)
- Re: Open Resolver Problems Jared Mauch (Mar 26)
- Re: Open Resolver Problems Mark Andrews (Mar 26)
- Re: Open Resolver Problems Paul Ferguson (Mar 26)
- Re: Open Resolver Problems Mark Andrews (Mar 26)
- Re: Open Resolver Problems William Herrin (Mar 27)
- Re: Open Resolver Problems Joe Abley (Mar 27)
- Re: Open Resolver Problems Tony Finch (Mar 27)
- Re: Open Resolver Problems Jack Bates (Mar 27)