[dns-operations] DNS deluge for x.p.ctrc.cc

Matt Ghali matt at snark.net
Fri Mar 3 18:47:18 UTC 2006


On Fri, 3 Mar 2006, John Kristoff wrote:

> On Fri, Mar 03, 2006 at 06:17:55AM -0500, Geo. wrote:
>> It's been the root of a lot of problems, smurf, the sqlslammer worm, etc.
>> That's really the root of this problem as well and I don't know of anything
>> that will break if we get rid of the ability to spoof. The problem of a few
>
> There are a set of applications that will break and are being used
> for arguably useful purposes.  However, it could also be argued that
> their collateral damage is acceptable.  Some NAT traversal techniques
> and measurement applications such as the netmapper project done by
> Cheswick and Birch come to mind.

I assert that the lions share of this sort of traffic generation 
(asymettric path where source IP is being fudged) comes from sites 
where they or their service provider is aware that this sort of 
thing is taking place. Sattelite/dialup, wierd traffic engineering, 
whatever.

Given this assumption, arranging with providers to make special 
exceptions around reverse-path filters does not seem to be an 
unreasonable onus to levy on either the site or its service provider.

Really, if I am producing a film where we plan to blow up a car, I'd 
be required to involve the local fire department at the least. Why 
should emitting _possibly_ evil IP traffic be different?

matto

--matt at snark.net------------------------------------------<darwin><
               The only thing necessary for the triumph
               of evil is for good men to do nothing. - Edmund Burke



More information about the dns-operations mailing list