[dns-operations] First experiments with DNS dampening to fight amplification attacks

WBrown at e1b.org WBrown at e1b.org
Fri Oct 26 15:15:35 UTC 2012


paul vixie <paul at redbarn.org> wrote on 10/26/2012 10:32:57 AM:

> i just don't see it. there isn't more to it than that. from the point of
> view of everyone on the connected internet, it is a bad idea to let some
> new person connect some new router that forwards packets, if that person
> is unaware of the s.a.v. issue. if a vendor won't make s.a.v. the
> default because they need the new business and they don't want the
> training burden of making sure they understand the issues of s.a.v.,
> then they are following the 'chemical polluter business model' where the
> money is made "here" and the impact is only felt "over there".

I'm not an internet routing guru, so I must not be seeing something.  When 
my organization connects to an upstream provider, they know we have a 
block of addresses assigned (Actually, we have more than one).  They know 
that we connect to their switch in rack X, switch Y, port Z.

If they see a packet with a source address of 8.8.8.8 appearing on that 
port, what possible reason could they have for allowing it through? 

Obviously, that's a Google address, and possibly forged a lot.  I just 
don't see why a packet claiming to be from an address we do not own should 
be coming from our net.  Can anyone explain why that would happen (other 
than forgery)?

I looked at BCP84/RFC3704, but as a non-networking person, it was brushing 
the bald-spot. 

I know this is drifting from the list topic, so thank you for the 
indulgence.



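The check the message above describes (a provider that knows which blocks sit behind a port, and a packet on that port claiming to be from 8.8.8.8) can be sketched as a per-port prefix filter. This is an added example, not part of the original post; the prefixes are documentation ranges standing in for the customer's blocks and the port label is made up.

```python
import ipaddress
from collections import Counter

# Constructed data: documentation prefixes stand in for the customer's
# assigned blocks (more than one, as in the message); port label is hypothetical.
ASSIGNED = {
    "rackX/switchY/portZ": ["192.0.2.0/24", "198.51.100.0/24", "2001:db8:10::/48"],
}

def build_filters(assigned):
    """Parse each port's prefix list once into network objects."""
    return {port: [ipaddress.ip_network(p) for p in prefixes]
            for port, prefixes in assigned.items()}

def permit(filters, port, src):
    """True only if src lies inside a prefix assigned to this ingress port.
    Unknown ports and unparsable addresses are denied (default deny)."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr.version == net.version and addr in net
               for net in filters.get(port, []))

def audit(filters, packets):
    """Return (forwarded count, Counter of dropped (port, src) pairs)."""
    forwarded, dropped = 0, Counter()
    for port, src in packets:
        if permit(filters, port, src):
            forwarded += 1
        else:
            dropped[(port, src)] += 1
    return forwarded, dropped

SAMPLE = [  # constructed (ingress port, claimed source address) observations
    ("rackX/switchY/portZ", "192.0.2.17"),
    ("rackX/switchY/portZ", "198.51.100.200"),
    ("rackX/switchY/portZ", "8.8.8.8"),
    ("rackX/switchY/portZ", "8.8.8.8"),
    ("rackX/switchY/portZ", "2001:db8:10::53"),
    ("rackX/switchY/portZ", "2001:db8:11::53"),  # adjacent /48, not assigned
]

if __name__ == "__main__":
    fwd, dropped = audit(build_filters(ASSIGNED), SAMPLE)
    print("forwarded:", fwd)
    for (port, src), n in dropped.most_common():
        print(f"dropped {n} packet(s) on {port} with source {src}")
```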


