nanog mailing list archives

Re: Ingress filtering on transits, peers, and IX ports


From: Eric Kuhnke <eric.kuhnke () gmail com>
Date: Tue, 13 Oct 2020 20:04:41 -0700

If I had a dollar for every 'scary security alert' email received in a NOC
email inbox from a 'security researcher group' that is the result of a
port scan, or some small subset of trojan-infected residential endpoint
computers attempting outbound connections on ($common_service_port), or
similar...



On Tue, Oct 13, 2020 at 7:50 PM Chris Adams <cma () cmadams net> wrote:

> Once upon a time, Eric Kuhnke <eric.kuhnke () gmail com> said:
> > Considering that one can run an instance of an anycasted recursive
> > nameserver, under heavy load for a very large number of clients, on a
> > $600 1U server these days... I wonder what exactly the threat model is.
>
> A customer forwarded one of these notices to us - looked like it's about
> recursive DNS cache poisoning.  It's been a while since I looked
> closely, but I thought modern recursive DNS software was pretty
> resistant to that, and anyway, the real answer to that is DNSSEC.
>
> I could be wrong, but getting a scary-sounding OMG SECURITY ALERT email
> from some group I've never heard of (and haven't AFAIK engaged the
> community about their "new" attack, scans, or notices)... seems more
> like shameless self promotion.
>
> --
> Chris Adams <cma () cmadams net>

