[dns-operations] Amplification attack today ?
lutz at iks-jena.de
Mon Mar 5 08:17:11 UTC 2007
* Michael Monnerie wrote:
> That's what I mean. It has to be transported over media into the admins
> ears and brains, that you will be blacklisted if your DNS setup is crap.
Who determines a configuration as "crap"? Blacklists and blocking are a
classical technical solution to a classical social problem and therefore
will not work at all.
I personally get blacklisted every few days, because I host anti-spam
ressources. And because some (larger) German ISPs link to this ressources
in their autoresponse messages, the classic American anti-spam fighter
consider the autoresponse as spam itself, because it's written in German.
Viola: My AS is listed as bullet proof spammer hosting.
It took years to convince companies like Sony to drop blacklisting on mail,
because of such errornous reports. I do not fix the blacklists anymore,
I tell the blacklist users, that the blacklists are evil (as they are).
I you consider blocking root servers or BGP on blacklists, I must stronly
oppose. Otherwise you will build a "Internet for Joe User" and the real
bussiness hat to switch to a different infrastructure (i.e. alternative root
servers), because they can't fight the militant "anti-" fighters.
More information about the dns-operations