[dns-operations] First experiments with DNS dampening to fight amplification attacks

Dobbins, Roland rdobbins at arbor.net
Fri Oct 26 07:11:47 UTC 2012


On Oct 26, 2012, at 11:19 AM, paul vixie wrote:

> this sounds like a new application of 'the chemical polluter business model'.

There's more to it than that, though.  It's important to understand that those who are purchasing and deploying network gear often are nonspecialists, and so frustrations, project delays, etc. would crop up in the customer organizations - who would then complain vociferously to the network infrastructure vendors and/or simply switch to a vendor which didn't enable anti-spoofing as a default.

Time and time again, it's been demonstrated that most human beings are simply incapable of/uninterested in properly assessing abstract risk models.  This is why nobody really cares about security except when they've been hit, and even then, only for the immediate duration of their distress - and to be fair, the capex and opex savings of playing the odds and simply ignoring security risks often ends up as a net positive, from an economic perspective.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

	  Luck is the residue of opportunity and design.

		       -- John Milton




More information about the dns-operations mailing list