[dns-operations] DNS deluge for x.p.ctrc.cc

Joe Greco jgreco at ns.sol.net
Mon Feb 27 21:15:26 UTC 2006

> On Feb 27, 2006, at 1:55 PM, Andrew Sullivan wrote:
> > Note that I'm not saying people should or should not do this: I
> > really just don't know what people -- particularly root or TLD
> > operators -- should do.  But it does seem to me that this sort of
> > shunning might well actually accomplish something in at least some of
> > these cases (which is what makes it attractive, I expect).
> given what rodney and rob just posted regarding the generally
> positive response they've received (and the fact that $$$ is a
> motivating factor to fix), i'm starting to think that shunning might
> well be effective (outweighing the possibly negative effects).
> > I also wonder about the potential for unintended effects in such an
> > arms race.  Perhaps the attackers will go after something more subtle
> > and therefore harder to work around, if shunning is effective.
> possibly, but surely we shouldn't "do nothing" (not that you're
> saying "do nothing", but people may infer that from what you just
> said :) )
> but again (from one of paul's early posts), who would sign up for a
> bgp or http feed to shun these servers?  i'm afraid if at least a few
> sufficiently large providers (or root-ops, or tlds), it won't be
> effective anyway.

If shunning would be effective, wouldn't it make more sense to shun
networks that don't implement BCP38?  We could fix a wide *range* of
future attack vectors, rather than just this relatively small single
vector that doesn't even address all of the ways to abuse DNS for this
sort of thing.

... JG
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam (CNN)
With 24 million small businesses in the US alone, that's way too many apples.

