nanog mailing list archives

Re: Open Resolver Problems


From: Alain Hebert <ahebert () pubnix net>
Date: Wed, 27 Mar 2013 08:20:05 -0400

    Same ol' same ol'

    (at least since I started this around '93 =D)

On 03/26/13 22:25, Jon Lewis wrote:
On Tue, 26 Mar 2013, Matthew Petach wrote:

The concern Valdis raised about securing recursives while still
being able to issue static nameserver IPs to mobile devices
is an orthogonal problem to Owen putting rate limiters on
the authoritative servers for he.net.  If we're all lighting up
pitchforks and raising torches, I'd kinda like to know at which
castle we're going to go throw pitchforks.

BCP38.  As you can see from the wandering conversation, there are many
attack vectors that hinge on the ability to spoof the source address,
and thereby misdirect responses to your DDoS target.  BCP38 filtering
stops them all.  Or, we can ignore BCP38 for several more years, go on
a couple years crusade against open recursive resolvers, then against
non-rate-limited authoritative servers, default public RO SNMP
communities, etc.

----------------------------------------------------------------------
 Jon Lewis, MCP :)           |  I route
                             |  therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

    IP Spoofing still exists because of lazy Peers...

    Same as the ability to hijack a subnet with BGP...  ( *wave* DoD
from 2-3 weeks ago )

    But, as always, it's our responsibility to kill our infrastructure;
it was IRC servers in the past, now DNS servers...

    Just for those lazy Peers to not HAVE to fix their broken setup.

    Same ol', same ol'.

-----
Alain Hebert                                ahebert () pubnix net   
PubNIX Inc.        
50 boul. St-Charles
P.O. Box 26770     Beaconsfield, Quebec     H9W 6G7
Tel: 514-990-5911  http://www.pubnix.net    Fax: 514-990-9443
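The BCP38 point in the quoted reply is easy to state and easy to get subtly wrong in practice, so here is an added example (not code from the thread or from either poster) that simulates the three common ways an edge router enforces it: a static per-port ingress ACL, strict unicast RPF, and loose unicast RPF. The FIB, the interface names (cust-A, cust-B, upstream), the assigned prefixes and the sample packets are all constructed for illustration using documentation address space; the multihomed customer on 203.0.113.0/24 is there to show the classic caveat that strict uRPF drops legitimate asymmetric traffic while loose uRPF does nothing against spoofing of any routable address.

```python
"""BCP38 ingress filtering, simulated three ways (constructed example)."""
import ipaddress
from typing import Dict, List, Optional, Tuple

Route = Tuple[ipaddress.IPv4Network, str]  # (prefix, egress interface)

# Constructed FIB for a hypothetical customer-edge router. "cust-A" and
# "cust-B" are customer ports; "upstream" carries the default route.
FIB: List[Route] = [
    (ipaddress.ip_network("192.0.2.0/24"), "cust-A"),
    (ipaddress.ip_network("198.51.100.0/24"), "cust-B"),
    (ipaddress.ip_network("203.0.113.0/24"), "cust-B"),  # multihomed, best path via B
    (ipaddress.ip_network("0.0.0.0/0"), "upstream"),
]

# Static BCP38 ACL: the source prefixes the operator has authorised per port.
# The multihomed customer (203.0.113.0/24) is authorised on both ports because
# it may legitimately source traffic through either one (asymmetric routing).
INGRESS_ACL: Dict[str, List[ipaddress.IPv4Network]] = {
    "cust-A": [ipaddress.ip_network("192.0.2.0/24"),
               ipaddress.ip_network("203.0.113.0/24")],
    "cust-B": [ipaddress.ip_network("198.51.100.0/24"),
               ipaddress.ip_network("203.0.113.0/24")],
}


def lpm(fib: List[Route], addr: ipaddress.IPv4Address) -> Optional[Route]:
    """Longest-prefix match for addr, or None if no route covers it."""
    best: Optional[Route] = None
    for prefix, iface in fib:
        if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, iface)
    return best


def urpf_strict(fib: List[Route], src: ipaddress.IPv4Address, ingress: str) -> bool:
    """Strict uRPF: the best route back to src must point out the ingress port.
    A default route is not accepted (the usual 'allow-default off' setting)."""
    r = lpm(fib, src)
    return r is not None and r[0].prefixlen > 0 and r[1] == ingress


def urpf_loose(fib: List[Route], src: ipaddress.IPv4Address) -> bool:
    """Loose uRPF: any non-default route to src is enough, regardless of port."""
    r = lpm(fib, src)
    return r is not None and r[0].prefixlen > 0


def bcp38_acl(acl: Dict[str, List[ipaddress.IPv4Network]],
              src: ipaddress.IPv4Address, ingress: str) -> bool:
    """Static ingress ACL: src must fall in a prefix assigned to that port."""
    return any(src in p for p in acl.get(ingress, []))


def evaluate(src_ip: str, ingress: str) -> Dict[str, bool]:
    """Return the permit/deny verdict of each method for one packet."""
    src = ipaddress.ip_address(src_ip)
    return {
        "strict": urpf_strict(FIB, src, ingress),
        "loose": urpf_loose(FIB, src),
        "acl": bcp38_acl(INGRESS_ACL, src, ingress),
    }


# Constructed sample packets arriving on cust-A: (source IP, ingress port).
SAMPLE: List[Tuple[str, str]] = [
    ("192.0.2.10", "cust-A"),     # legitimate customer source
    ("198.51.100.5", "cust-A"),   # spoofed: that prefix belongs to cust-B
    ("10.0.0.1", "cust-A"),       # RFC 1918 bogon, only the default route matches
    ("203.0.113.7", "cust-A"),    # multihomed customer sending via its non-best path
]


def run() -> Dict[str, Dict[str, bool]]:
    return {f"{ip}@{iface}": evaluate(ip, iface) for ip, iface in SAMPLE}


if __name__ == "__main__":
    for key, verdict in run().items():
        print(key, verdict)
```

Running it shows why the thread keeps coming back to this: loose uRPF passes the 198.51.100.5 packet spoofed from cust-B's space (a route exists, just not out that port), strict uRPF correctly drops it but also drops the multihomed customer's legitimate 203.0.113.7 packet, and only the operator-maintained static ACL gets all four cases right, at the cost of having to keep it in step with customer assignments.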
