[dns-operations] Defending against DNS reflection amplification attacks

[Jo Rhett]

On Feb 24, 2013, at 2:50 PM, Joe Abley wrote:
> I am always wary of assertions of law, made by non-lawyers especially, where there's an implicit assumption that there's a single legal system we're dealing with, in a single jurisdiction, when the Internet (even ignoring Seth Breidbart) is necessarily global and supernational. 
> Even with citations from case law in particular justifications, I find this line of thinking questionable in a global context. 

I'll take my experience over your thoughts any time ;-)  You can find it questionable all you want. The line of reasoning is valid in a US context, and it will help bring about more BCP38 players.

> Boiled down, this is equivalent to technical approaches like "block qtype=any": it's whack-a-mole, and there are many more moles in any operational timeframe than will make any real difference, given the practical potential for whacking. We should be looking elsewhere, regardless of the demonstrated longevity of individual moles.

And your better suggestion is? What I have said works, and works well.  Go take what I wrote to your lawyer and let him explain why this isn't whack-a-mole. Discuss precedence and the conservative nature of judges and most juries. Why a few good judgements soil the pan for everyone.

This isn't my legal theory. This is what I've observed used very successfully in the courtroom, and have taken the considerations of this to various carriers with great success.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20130224/b1daba45/attachment.html>