[dns-operations] First experiments with DNS dampening to fight amplification attacks
WBrown at e1b.org
WBrown at e1b.org
Fri Oct 26 15:15:35 UTC 2012
paul vixie <paul at redbarn.org> wrote on 10/26/2012 10:32:57 AM:
> i just don't see it. there isn't more to it than that. from the point of
> view of everyone on the connected internet, it is a bad idea to let some
> new person connect some new router that forwards packets, if that person
> is unaware of the s.a.v. issue. if a vendor won't make s.a.v. the
> default because they need the new business and they don't want the
> training burden of making sure they understand the issues of s.a.v.,
> then they are following the 'chemical polluter business model' where the
> money is made "here" and the impact is only felt "over there".
I'm not an internet routing guru, so I must not be seeing something. When
my organization connects to an upstream provider, they know we have a
block of addresses assigned (Actually, we have more than one). They know
that we connect to their switch in rack X, switch Y, port Z.
If they see a packet with a source address of 126.96.36.199 appearing on that
port, what possible reason could they have for allowing it through?
Obviously, that's a Google address, and possibly forged a lot. I just
don't see why a packet claiming to be from an address we do not own should
be coming from our net. Can anyone explain why that would happen (other
I looked at BCP84/RFC3704, but as a non-networking person, it was brushing
I know this is drifting from the list topic, so thank you for the
This electronic message and any attachments may contain confidential or
privileged information, and is intended only for the individual or entity
identified above as the addressee. If you are not the addressee (or the
employee or agent responsible to deliver it to the addressee), or if this
message has been addressed to you in error, you are hereby notified that
you may not copy, forward, disclose or use any part of this message or any
attachments. Please notify the sender immediately by return e-mail or
telephone and delete this message from your system.
More information about the dns-operations