[dns-operations] First experiments with DNS dampening to fight amplification attacks

Michael Hoskins (michoski) michoski at cisco.com
Fri Oct 26 15:55:39 UTC 2012


-----Original Message-----

From: <Dobbins>, Roland <rdobbins at arbor.net>
Date: Friday, October 26, 2012 11:28 AM
To: DNS Operations List <dns-operations at mail.dns-oarc.net>
Subject: Re: [dns-operations] First experiments with DNS dampening to fight amplification attacks

>
>On Oct 26, 2012, at 10:15 PM, Vernon Schryver wrote:
>
>> It's cheaper and easier in the short term to pollute, ignore spammers,
>>and over graze the commons.
>
>.pdf of my AusNOG04 preso on this general topic:
>
><https://docs.google.com/open?id=0B47QUsHYYrhFUzBqaDFPWDRscTQ>

somewhat ironic...  i came to cisco through ironport, and spent many years
deploying infrastructure and applications specifically designed to make
spammers' lives hell.  it's by far my proudest achievement.

please reply to me off-list if you have an interest (or objection) to
being included in my case to TPTB.  feel free to write additional blurbs
or point me to links you want included.  i intend to present both sides
(to appear fair and balanced, although in past lives where i was allowed to
touch core routers i personally always enabled source verification in
conjunction with other countermeasures), and since this will be going high
up the food chain and trickling down from there i'll need to put together
a sensible report with references and maybe even a few pretty pictures.

i plan to include existing references to bcps, bits of this email thread
and archived discussions, and even point out the reputation and role in
internet infrastructure of folks making suggestions...including your names
and email addresses.  so please let me know if that's not desirable to you.

besides uRPF and ACLs a fair amount of work has been done on things like
source guard, and the feature is readily available in nexus...so it's a
perfect time to have this discussion.  even if it isn't enabled by default
in the near future, raising its importance in related training would be a
small step forward.

http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_10-4/104_ip-spoofing.html

http://www.cisco.com/web/about/ac50/ac207/crc_new/university/RFP/rfp07025.html

http://www.cisco.com/en/US/docs/switches/datacenter/sw/4_1/nx-os/security/configuration/guide/sec_sourceguard.html#wp1100175

thanks.



