[dns-operations] A Case Against DNSSEC (A Matasano Miniseries)
robt at cymru.com
Wed Apr 4 16:14:27 UTC 2007
> Not everyone can afford to over provision, regardless of how
> responsible they are. There maybe limits to what's available to over
> provision with. Sometimes you have to get crafty.
Agreed, as well as verify, verify, verify. I'm not the only person
who has obtained GigE only to find out that the egress from the
router is only, say, OC12.
Massive over-provisioning at the edge is fine, but it isn't the only
location of finite resources. A 22Gbps attack can wipe out a lot of
gear and pipes on its way to its intended target. The miscreants are
often clever enough to figure out the weak points and go after them,
instead of attempting to fill the deepest bucket.
cmn_err(do_panic, "Out of coffee!");
More information about the dns-operations