[dns-operations] responding to spoofed ANY queries

David Conrad drc at virtualized.org
Sun Jan 13 01:29:15 UTC 2013


On Jan 12, 2013, at 4:51 PM, Paul Vixie <paul at redbarn.org> wrote:
> in that having only spoofing and not amplification would mean there would be a smaller problem, it's less true.

In a world of million-zombie botnets, amplification is merely icing on the cake.

> the internet is extra-legal because it is extra-national.

While I would agree that national laws do not apply outside of national boundaries (Predator drones notwithstanding), pragmatically speaking, in the face of a massive infrastructure outage caused by an attack facilitated by spoofed addresses, I suspect the distinction you are making isn't going to be made by lawmakers.

More to the point, I suspect such nationally-based laws would actually have a positive impact: it would force spoofing to move from domestic circuits to international circuits where the situation is slightly different.

However, I don't think this is really all that related to dns-operations... 


