[dns-operations] Amplification attack today ?
michael.monnerie at it-management.at
Fri Mar 2 22:05:22 UTC 2007
On Freitag, 2. März 2007 16:13 Paul Vixie wrote:
> it would have to be done by bgp blackholes rather than dns
> blackholes. and since it's a public service rather than a real time
> operational shield, there could be a simple rotation of "1000 at a
> time", perhaps changed every hour or every day.
It should be at least a day (better more), lots of small companies here
don't have quick support, they would just wonder why they can't work
for one hour. That's quicker than most external IT support companies
have as reaction time to look at the customers servers.
> > I am ready to dismiss this idea.
> as a rootop, so am i. but as an operator of the vix.com server, i'd
> be willing to consider it. on the internet, there is no growth
> without pain.
That's what I mean. It has to be transported over media into the admins
ears and brains, that you will be blacklisted if your DNS setup is
crap. Today it's clear to most admins that your mailserver is gonna be
blacklisted when it's an open relay, but that didn't come because
admins are more clever now (it's more the opposite ;-), it came because
And when there are problems because of bad DNS configs, somebody has to
step on the admins toes. I'm not a DNS guru, and I'm sure somebody will
have a good idea of how to do it. It's just - somebody should start
with it :-)
// Michael Monnerie, Ing.BSc ----- http://it-management.at
// Tel: 0676/846 914 666 .network.your.ideas.
// PGP Key: "curl -s http://zmi.at/zmi4.asc | gpg --import"
// Fingerprint: EA39 8918 EDFF 0A68 ACFB 11B7 BA2D 060F 1C6F E6B0
// Keyserver: www.keyserver.net Key-ID: 1C6FE6B0
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
More information about the dns-operations