[dns-operations] Defending against DNS reflection amplification attacks
Paul Ferguson
fergdawgster at gmail.com
Sat Feb 23 03:33:31 UTC 2013
On Fri, Feb 22, 2013 at 7:13 PM, Randy Bush <randy at psg.com> wrote:
>> Are you willing to also help us do the hard work to do the right thing?
>>
>> I'm pretty sure the answer is "Yes".
>>
>> So let's get busy, and stop finding reasons not to do the Right Thing.
>>
>> - ferg
>
> you may have a problem with your mail system. it seems to be re-sending
> messages from a decade ago, though they seem to have today's date. odd.
>
Not at all odd -- we still have the same problems. I think that is
indicative of several things, none of which I will expand on at this
moment.

> perhaps, after the decade of us telling others how they should run their
> networks, an actual large operator who has deployed bcp38 can give us an
> analysis of the costs, capex and opex, and how they minimized them.
>
I think we are far beyond that -- those are the things that have
apparently already failed.

It is several factors -- ignorance, negligence, among them. We as a
community have not done a good job of boiling it down to non-technical
issues that those executives understand (with regards to revenue
issues).

I agree that we should have some hard stats on who has deployed these
measures, and how it impacted them.

Please speak up if you have any data.

I can say, however, that we *do* have data on who has *not* deployed
it, and how they are virtually criminally negligent for doing so.

And don't get me wrong -- there are still some really hard problems.

- ferg
--
"Fergie", a.k.a. Paul Ferguson
fergdawgster(at)gmail.com