[dns-operations] First experiments with DNS dampening to fight amplification attacks

paul vixie paul at redbarn.org
Fri Oct 26 14:32:57 UTC 2012


On 10/26/2012 7:11 AM, Dobbins, Roland wrote:
> On Oct 26, 2012, at 11:19 AM, paul vixie wrote:
>
>> this sounds like a new application of 'the chemical polluter business model'.
> There's more to it than that, though.  It's important to understand that those who are purchasing and deploying network gear often are nonspecialists, and so frustrations, project delays, etc. would crop up in the customer organizations - who would then complain vociferously to the network infrastructure vendors and/or simply switch to a vendor which didn't enable anti-spoofing as a default.

i just don't see it. there isn't more to it than that. from the point of
view of everyone on the connected internet, it is a bad idea to let some
new person connect some new router that forwards packets, if that person
is unaware of the s.a.v. issue. if a vendor won't make s.a.v. the
default because they need the new business and they don't want the
training burden of making sure they understand the issues of s.a.v.,
then they are following the 'chemical polluter business model' where the
money is made "here" and the impact is only felt "over there".

paul


