Home page logo
/

nanog logo nanog mailing list archives

Re: Kashpureff Black List (REALLY AN OPERATIONAL QUESTION)
From: Eric Germann <ekgermann () cctec com>
Date: Wed, 23 Jul 1997 10:31:33 -0400

However, a coordinated effort to block them all could, correct?  Kind of
like the sanity filters at customer borders.  Don't allow traffic into your
network that doesn't originate from their assigned network numbers.  If
everyone were to block the ranges no one would get polluted...

So is it my understanding that it is technically possible, but logistically
impossible to coordinate?   If we were to block them, then we wouldn't have
to worry about every idiosyncracy of BIND, both known and yet to be found.

At 09:13 AM 7/23/97 -0500, Karl Denninger wrote:
On Wed, Jul 23, 1997 at 09:53:42AM -0400, Eric Germann wrote:
would an anti-kashpureff bgp feed fix the dns pollution problems similar to
the anti spam black list.  If yes, is it collusion which would be
prosecutable?  If no, what are the TECHNICAL reasons it wouldn't work.

Eric

No, because *ANY* nameserver which gets the pollution can then pollute you.

Since you can't cut off EVERY nameserver with such a feed, it is pointless
to attempt it.

--
-- 
Karl Denninger (karl () MCS Net)| MCSNet - The Finest Internet Connectivity
http://www.mcs.net/~karl     | T1's from $600 monthly to FULL DS-3 Service
                           | 99 Analog numbers, 77 ISDN, http://www.mcs.net/
Voice: [+1 312 803-MCS1 x219]| NOW Serving 56kbps DIGITAL on our analog
lines!
Fax:   [+1 312 803-4929]     | 2 FULL DS-3 Internet links; 400Mbps B/W
Internal




  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]