DNS Amplification Attacks... and a trivial proposal
Mark Andrews
marka at isc.org
Fri Jun 14 02:31:40 UTC 2013
In message <14768.1371175949 at server1.tristatelogic.com>, "Ronald F. Guilmette" writes:
>
> In message <20130614004155.72013.qmail at joyce.lan>,
> "John Levine" <johnl at iecc.com> wrote:
>
> >The real solution is BCP 38...
>
> I agree completely John. I cannot do otherwise. But I have to ask the
> obvious elephant-in-the-room question... How is that comming along so far?
* Router manufactures have code to support BCP 38 though it defaults to off.
* Large numbers of ISPs claim they implement BCP 38.
* NAT boxes tend to reduce the number of viable sources. As more
networks rather than hosts connect the IPv4 problem space will
reduce. CGN's will have a similar impact.
Future:
* SIDR will make it easier for multi-homed nets to automatically configure
border acls.
* Adding defaults to home CPE devices to default to only allow out source
addresses learnt through PD or configured RAs will help.
> Maybe we could find worse ways to spend our time than developing a Plan B
> and/or acquiring another basket to put a few of our eggs into.
>
>
> Regards,
> rfg
>
>
> P.S. The idea I had was that a reasonably simple anti-DDoS protocol ex-
> tension could be codified and rolled out along with regular software
> updates, and could thus eventually be in place even without the conscious
> cooperation of those system and network administrators who have, by their
> actions, already proven themselves to be largely if not entirely un-
> cooperative, even with common sense steps to foster and protect the public
> good.
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list