nanog mailing list archives
Re: Schneier: ISPs should bear security burden
From: "Steve Sobol" <sjsobol () JustThe net>
Date: Thu, 28 Apr 2005 10:20:37 -0400
Mark Newton <newton () internode com au> wrote:
On Thu, Apr 28, 2005 at 02:16:36AM -0400, Steven J. Sobol wrote: > Any IP that a provider allows servers on should have > distinctive, non-dynamic-looking DNS (and preferably be in a separate > netblock from the dynamically-assigned IPs). What the hell is a "non-dynamic-looking DNS"? Sure, if I see something like "static-192-168-1-1.isp.net" I can be reasonably sure that it's non-dynamic-looking, but what does the same thing look like in Portugese? German? Spanish? French? (Korean? Chinese?)
France Telecom has a reasonably easy-to-understand naming scheme that ends in <POP-Location>.wanadoo.fr. Deutsche Telekom has an equally easy-to-understand scheme that ends in dip.t-dialin.de (for their German dialups, anyhow).
Just wait'll we start getting unicode DNS names in non-English alphabets. Perhaps then you can tell what to look for in a string of Kanji symbols which might be suggestive of the concept of "static".
There are some basic rules of thumb you can use. The problem is that they're not guaranteed to work. The best solution was created years ago (Gordon Fecyk's DUL, which lists IP ranges the ISPs specifically register as dynamic/not supposed to host servers) and eventually came under the purview of Kelkea/MAPS, but there wasn't a ton of ISP buy-in. If we could create a similar list and actually get ISPs to register the appropriate netblocks (and not mix in IPs where servers are allowed, and IPs where they aren't, in the same block), that'd be great. -- JustThe.net - Apple Valley, CA - http://JustThe.net/ - 888.480.4NET (4638) Steven J. Sobol, Geek In Charge / sjsobol () JustThe net / PGP: 0xE3AE35ED "The wisdom of a fool won't set you free" --New Order, "Bizarre Love Triangle"
Current thread:
- Re: Schneier: ISPs should bear security burden, (continued)
- Re: Schneier: ISPs should bear security burden Suresh Ramasubramanian (Apr 26)
- Re: Schneier: ISPs should bear security burden Owen DeLong (Apr 26)
- Re: Schneier: ISPs should bear security burden Steve Sobol (Apr 27)
- Re: Schneier: ISPs should bear security burden Steven M. Bellovin (Apr 27)
- Re: Schneier: ISPs should bear security burden Bill Stewart (Apr 27)
- Re: Schneier: ISPs should bear security burden Steve Sobol (Apr 27)
- Re: Schneier: ISPs should bear security burden Owen DeLong (Apr 27)
- Re: Schneier: ISPs should bear security burden Steven J. Sobol (Apr 27)
- Re: Schneier: ISPs should bear security burden Owen DeLong (Apr 27)
- Re: Schneier: ISPs should bear security burden Mark Newton (Apr 27)
- Re: Schneier: ISPs should bear security burden Steve Sobol (Apr 28)
- Re: Schneier: ISPs should bear security burden Steven Champeon (Apr 29)
- Re: Schneier: ISPs should bear security burden Valdis . Kletnieks (Apr 28)
- Re: Schneier: ISPs should bear security burden Steven Champeon (Apr 29)
- Re: Schneier: ISPs should bear security burden Suresh Ramasubramanian (Apr 29)
- Re: Schneier: ISPs should bear security burden Steven Champeon (Apr 29)
- Re: Schneier: ISPs should bear security burden Nicholas Suan (Apr 30)
- Re: Schneier: ISPs should bear security burden Owen DeLong (Apr 26)
- Re: Schneier: ISPs should bear security burden Suresh Ramasubramanian (Apr 26)
- Re: Schneier: ISPs should bear security burden Adi Linden (Apr 28)
- Re: Schneier: ISPs should bear security burden Iljitsch van Beijnum (Apr 28)
- Re: Schneier: ISPs should bear security burden Adi Linden (Apr 28)
- Re: Schneier: ISPs should bear security burden Iljitsch van Beijnum (Apr 28)