[dns-operations] If I were the suspicious type.... (was:DNSAmplification Attacks)

caleb.dods at bell.ca caleb.dods at bell.ca
Thu Mar 23 14:23:38 UTC 2006


Paul Vixie wrote:

>we (dave rand, my cofounder at MAPS, and i) are STILL fighting with isp's
>to close down outbound tcp/25 from their dynamic address pools. there's
>an unbelievable amount of pushback, from well meaning but ignorant civil
>libertarians mostly.  it's a similar story to open recursion -- i don't
>like to see this kind of change, but the status quo has become even worse.

I think the parallel to spam is perfect. "Getting rid" of open relays &
blocking port 25 have had the two biggest impacts in making
spam manageable. It effectively creates a "choke point" on the MTA where
spam ingoing and outgoing can be caught.

"Getting rid" of open recursers and blocking port 53 should have a very
similar effect. 

Caleb 



