[dns-operations] First experiments with DNS dampening to fight amplification attacks

Dobbins, Roland rdobbins at arbor.net
Fri Oct 26 15:18:31 UTC 2012

On Oct 26, 2012, at 9:32 PM, paul vixie wrote:

> i just don't see it.

Ah, but I *did* see it when I worked for a major vendor of telecommunications equipment.

I agree with you - I wish anti-spoofing were enabled by default.  I'm not defending the status quo, just trying to explain why it isn't enabled by default, as well as why it isn't likely to be enabled by default anytime soon, absent some significant technical innovation (which I don't see happening due to the nature of TCP/IP) or major catastrophe which changes the perceived economics of the current situation both for network infrastructure vendors as well as for customer organizations.

Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

	  Luck is the residue of opportunity and design.

		       -- John Milton

More information about the dns-operations mailing list