[dns-operations] DNS deluge for x.p.ctrc.cc

Lutz Donnerhacke lutz at iks-jena.de
Wed Mar 1 23:54:43 UTC 2006


* Paul Vixie wrote:
> # > ... there is no valid reason to spoof so blocking that capability takes
> # > nothing away from the internet.
> # 
> # Unfortunly, that's not true. Spoofing is a common and wide spread technique
> # to simulate multihoming without PI space. This is independant of an own AS.
>
> see [SAC004 5.1] (http://www.icann.org/committees/security/sac004.txt).

You assume a cooperation between the multihomer and the ISPs, which does not
exists. There is even no flow of information from the multihomer to the
(ab)used ISPs.

Even if they knew about, your suggested solution would be to explicitly
allow spoofing every large ISP addresses range from every large ISP network.

But let's stop here. There is not interesting information in this subject.



More information about the dns-operations mailing list