[dns-operations] DNS deluge for x.p.ctrc.cc
jgreco at ns.sol.net
Mon Feb 27 21:15:26 UTC 2006
> On Feb 27, 2006, at 1:55 PM, Andrew Sullivan wrote:
> > Note that I'm not saying people should or should not do this: I
> > really just don't know what people -- particularly root or TLD
> > operators -- should do. But it does seem to me that this sort of
> > shunning might well actually accomplish something in at least some of
> > these cases (which is what makes it attractive, I expect).
> given what rodney and rob just posted regarding the generally
> positive response they've received (and the fact that $$$ is a
> motivating factor to fix), i'm starting to think that shunning might
> well be effective (outweighing the possibly negative effects).
> > I also wonder about the potential for unintended effects in such an
> > arms race. Perhaps the attackers will go after something more subtle
> > and therefore harder to work around, if shunning is effective.
> possibly, but surely we shouldn't "do nothing" (not that you're
> saying "do nothing", but people may infer that from what you just
> said :) )
> but again (from one of paul's early posts), who would sign up for a
> bgp or http feed to shun these servers? i'm afraid if at least a few
> sufficiently large providers (or root-ops, or tlds), it won't be
> effective anyway.
If shunning would be effective, wouldn't it make more sense to shun
networks that don't implement BCP38? We could fix a wide *range* of
future attack vectors, rather than just this relatively small single
vector that doesn't even address all of the ways to abuse DNS for this
sort of thing.
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.
More information about the dns-operations