[dns-operations] If I were the suspicious type....(was:DNSAmplification Attacks)

John Palmer (NANOG Acct) nanog at adns.net
Thu Mar 23 15:12:31 UTC 2006


But it also denies choice to internet users who want to use
inclusive servers and locks people into using the ICANN
root.

Thats what the problem is. Those who would trade 
liberty for security deserve neither the liberty nor
the security and will have neither. 

----- Original Message ----- 
From: <caleb.dods at bell.ca>
To: <dns-operations at lists.oarci.net>
Sent: Thursday, March 23, 2006 8:23 AM
Subject: Re: [dns-operations] If I were the suspicious type....(was:DNSAmplification Attacks)


> 
> Paul Vixie wrote:
> 
> >we (dave rand, my cofounder at MAPS, and i) are STILL fighting with
> isp's
> >to close down outbound tcp/25 from their dynamic address pools.
> there's
> >an unbelievable amount of pushback, from well meaning but ignorant
> civil
> >libertarians mostly.  it's a similar story to open recursion -- i don't
> >like to see this kind of change, but the status quo has become even
> worse.
> 
> I think the parallel to spam is perfect. "Getting rid" of open relays &
> Blocking port 25 have been have had the two biggest impacts in making
> spam manageable. It effectively creates "choke point" on the MTA where
> spam ingoing and outgoing can be caught.
> 
> "Getting rid" of open recursers and blocking port 53 should have a very
> similar effect. 
> 
> Caleb 
> 
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.oarci.net
> http://lists.oarci.net/mailman/listinfo/dns-operations
> 
> 




More information about the dns-operations mailing list