[dns-operations] First experiments with DNS dampening to fight amplification attacks
dougb at dougbarton.us
Fri Oct 26 19:18:15 UTC 2012
On 10/26/2012 8:15 AM, WBrown at e1b.org wrote:
> I'm not an internet routing guru, so I must not be seeing something. When
> my organization connects to an upstream provider, they know we have a
> block of addresses assigned (Actually, we have more than one). They know
> that we connect to their switch in rack X, switch Y, port Z.
> If they see a packet with a source address of 18.104.22.168 appearing on that
> port, what possible reason could they have for allowing it through?
In addition to the (correct) reasons that Paul stated, there is also a
more fundamental issue. They are being paid by you to push packets. The
more of your packets they push, the more you pay them. So not only is
there a cost to creating the infrastructure to block the packets, there
is a direct cost for actually blocking the packets. For the bandwidth
provider, on strictly business terms, it's a lose/lose.
What we have failed to do as an industry is create sufficient incentives
to make being a good net.citizen of higher benefit than the costs
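As an added illustration of the check WBrown's question describes (this is not code from the list post), here is a Python model of per-port ingress filtering: the provider records which prefixes sit behind each customer port, and a packet whose source address falls outside those prefixes is dropped at the edge. The port labels, prefixes and packets are constructed examples.

```python
import ipaddress
from collections import Counter

# Constructed mapping: customer prefixes legitimately sourced behind each
# provider-facing port (rack/switch/port labels are hypothetical).
PORT_PREFIXES = {
    "rack1/sw2/port7": ["192.0.2.0/24", "198.51.100.0/25", "2001:db8:10::/48"],
    "rack1/sw2/port8": ["198.51.100.128/25"],
}

def _networks(port):
    return [ipaddress.ip_network(p) for p in PORT_PREFIXES.get(port, [])]

def source_allowed(port, src):
    """True if src lies inside a prefix assigned to the customer on this port.

    Anything else arriving on that port is spoofed or misconfigured and is
    dropped at ingress. A port with no mapping allows nothing."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in _networks(port) if net.version == addr.version)

def filter_packets(packets):
    """Classify (port, src, dst) tuples into (accepted, dropped) lists."""
    accepted, dropped = [], []
    for pkt in packets:
        port, src, _dst = pkt
        (accepted if source_allowed(port, src) else dropped).append(pkt)
    return accepted, dropped

def drop_summary(dropped):
    """Drops per port: a sudden burst on one port is what the NOC should alert on."""
    return Counter(port for port, _, _ in dropped)

# Constructed sample traffic; destinations are a hypothetical resolver address.
SAMPLE_PACKETS = [
    ("rack1/sw2/port7", "192.0.2.10", "203.0.113.53"),
    ("rack1/sw2/port7", "198.51.100.77", "203.0.113.53"),
    ("rack1/sw2/port7", "2001:db8:10::5", "2001:db8::53"),
    ("rack1/sw2/port7", "198.51.100.200", "203.0.113.53"),  # another customer's block
    ("rack1/sw2/port8", "198.51.100.200", "203.0.113.53"),
    ("rack1/sw2/port8", "192.0.2.44", "203.0.113.53"),      # spoofed source
    ("rack9/sw1/port1", "192.0.2.10", "203.0.113.53"),      # port with no mapping
]

if __name__ == "__main__":
    acc, drp = filter_packets(SAMPLE_PACKETS)
    print(len(acc), "accepted,", len(drp), "dropped:", dict(drop_summary(drp)))
```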