nanog mailing list archives

Re: Open Resolver Problems

From: Jon Lewis <jlewis () lewis org>
Date: Tue, 26 Mar 2013 22:25:32 -0400 (EDT)

On Tue, 26 Mar 2013, Matthew Petach wrote:

The concern Valdis raised about securing recursives while still
being able to issue static nameserver IPs to mobile devices
is an orthogonal problem to Owen putting rate limiters on
the authoritative servers for he.net.  If we're all lighting up
pitchforks and raising torches, I'd kinda like to know at which
castle we're going to go throw pitchforks.

BCP38. As you can see from the wandering conversation, there are manyattack vectors that hinge on the ability to spoof the source address, andthereby misdirect responses to your DDoS target. BCP38 filtering stopsthem all. Or, we can ignore BCP38 for several more years, go on a coupleyears crusade against open recursive resolvers, then againstnon-rate-limited authoratative servers, default public RO SNMPcommunities, etc.


----------------------------------------------------------------------
 Jon Lewis, MCP :)           |  I route
                             |  therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

Current thread:

Re: Open Resolver Problems, (continued)
- - - Re: Open Resolver Problems Jared Mauch (Mar 27)
    - Re: Open Resolver Problems Chris Adams (Mar 26)
    - Re: Open Resolver Problems Owen DeLong (Mar 26)
    - Re: Open Resolver Problems Doug Barton (Mar 26)
    - Re: Open Resolver Problems Owen DeLong (Mar 26)
    - Re: Open Resolver Problems joel jaeggli (Mar 26)
    - Re: Open Resolver Problems John Levine (Mar 26)
    - Re: Open Resolver Problems Matthew Petach (Mar 26)
    - Re: Open Resolver Problems Tom Paseka (Mar 26)
    - Re: Open Resolver Problems Matthew Petach (Mar 26)
    - Re: Open Resolver Problems Jon Lewis (Mar 26)
    - Re: Open Resolver Problems Paul Ferguson (Mar 26)
    - Re: Open Resolver Problems Alain Hebert (Mar 27)
    - Re: Open Resolver Problems Jared Mauch (Mar 26)
    - Re: Open Resolver Problems Mark Andrews (Mar 26)
    - Re: Open Resolver Problems Paul Ferguson (Mar 26)
    - Re: Open Resolver Problems Mark Andrews (Mar 26)
    - Re: Open Resolver Problems William Herrin (Mar 27)
    - Re: Open Resolver Problems Joe Abley (Mar 27)
    - Re: Open Resolver Problems Tony Finch (Mar 27)
    - Re: Open Resolver Problems Jack Bates (Mar 27)

(Thread continues...)