nanog mailing list archives

Re: Ingress filtering on transits, peers, and IX ports


From: Chris Adams <cma () cmadams net>
Date: Tue, 13 Oct 2020 21:49:19 -0500

Once upon a time, Eric Kuhnke <eric.kuhnke () gmail com> said:
> Considering that one can run an instance of an anycasted recursive
> nameserver, under heavy load for a very large number of clients, on a $600
> 1U server these days... I wonder what exactly the threat model is.

A customer forwarded one of these notices to us - looked like it's about
recursive DNS cache poisoning.  It's been a while since I looked
closely, but I thought modern recursive DNS software was pretty
resistant to that, and anyway, the real answer to that is DNSSEC.

I could be wrong, but getting a scary-sounding OMG SECURITY ALERT email
from some group I've never heard of (and haven't AFAIK engaged the
community about their "new" attack, scans, or notices)... seems more
like shameless self promotion.

-- 
Chris Adams <cma () cmadams net>

