[dns-operations] Media coverage of amplification attacks opening pandoras box?

Matt Ghali matt at snark.net
Sat Mar 25 19:16:36 UTC 2006


On Sat, 25 Mar 2006, Florian Weimer wrote:

> * Randy Bush:
>> yes.  security through obscurity does not work very well.
>
> There's quite a bit of empirical evidence that delaying disclosure
> also delays exploitation.  And given enough delay, we might have
> implemented network-wide changes which address the BCP38 issue, for
> instance.

You are correct! It took a lot longer for my boss to find me when I 
was hiding underneath my desk. The funny thing is, when he did find 
me, it was a lot easier for him to kick me in the ribs!

More on-topic, I am sure that had we not started making all that 
noise about "spam", we could have gotten all those pesky open relays 
locked down before they started getting abused.

It's pretty clear that we're beyond a point where sticking our 
collective heads in the sand could have any possible percieved 
benefit. Now can we continue discussing solutions without the 
schadenfreude?

matto

--matt at snark.net------------------------------------------<darwin><
   Moral indignation is a technique to endow the idiot with dignity.
                                                 - Marshall McLuhan



More information about the dns-operations mailing list