Pierre Baume
Thu Mar 23 08:44:00 UTC 2006

Per Heldal:

> Don't forget that a "carrot" to some is a "stick" to others. Maybe it's
> better to approach the problem from a different angle than the ISP in
> the case of bcp38 compliance. What if a significant group of those who
> are hurt the most from attacks (content- and hosting-providers)
> cooperate to distribute probes, collect data and take active measures
> against non-compliant networks? It shouldn't take much to convince ISPs
> to filter if the cost related to such filtering is minor.  Blocked
> access to the likes of Google, Yahoo and Hotmail should make wonders ...
> Previous research indicates that about 2/3 already are compliant. That
> makes this an even more powerful stick against the remaining 1/3.
> //per

  Agreed. But to get there, we need better ways to detect BCP38

  The infrastructure is there (address and routing registries), but in bad
shape, because it's not used enough (at least for this purpose).

  The tools aren't exactly there either. Which NOC will see a red alert when
spoofed traffic shows up, when this part of the traffic is small compared to
the rest? How much tweaking will be needed to get there?

  And sure, spoofed traffic can be hard to detect, but this doesn't mean
none of it can be detected. Especially when attacks last for hours/days.


PS: And of course, in parallel, we could fix UDP so that packets sent in
either direction have the same size. But that might take longer. ;-)
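
An added illustration, not part of the original message: one way a NOC could use registry-derived prefixes to flag spoofed sources per customer port and alert on an absolute packet count, so a small spoofed share is not lost in the total. The port names, prefixes, flow record layout and threshold are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: prefixes each customer port may source from, as one
# would derive from address/routing registry objects (documentation ranges).
ALLOWED = {
    "cust-a": ["192.0.2.0/24", "2001:db8:a::/48"],
    "cust-b": ["198.51.100.0/25"],
}

# Constructed flow records: (ingress port, source address, packets).
FLOWS = [
    ("cust-a", "192.0.2.10", 90000),
    ("cust-a", "203.0.113.7", 40),      # outside cust-a's prefixes
    ("cust-a", "203.0.113.9", 25),      # outside cust-a's prefixes
    ("cust-b", "198.51.100.5", 50000),
    ("cust-b", "198.51.100.200", 3),    # outside the /25
    ("cust-a", "2001:db8:a::1", 1200),
]

def build_table(allowed):
    """Parse prefix strings once into network objects, keyed by port."""
    return {port: [ipaddress.ip_network(p) for p in prefixes]
            for port, prefixes in allowed.items()}

def spoofed_by_port(flows, table):
    """Sum packets per ingress port whose source is outside its prefixes."""
    bad = defaultdict(int)
    for port, src, packets in flows:
        addr = ipaddress.ip_address(src)
        nets = table.get(port, [])  # unknown port: nothing is allowed
        if not any(addr.version == n.version and addr in n for n in nets):
            bad[port] += packets
    return dict(bad)

def alerts(flows, table, min_packets=50):
    """Alert on an absolute packet count, not a share of total traffic."""
    counts = spoofed_by_port(flows, table)
    return sorted(port for port, n in counts.items() if n >= min_packets)

if __name__ == "__main__":
    table = build_table(ALLOWED)
    print(spoofed_by_port(FLOWS, table))
    print(alerts(FLOWS, table))
```
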
