nanog mailing list archives

Re: DNS deluge for x.p.ctrc.cc
From: Joe Provo <nanog-post () rsuc gweep net>
Date: Sat, 25 Feb 2006 11:24:46 -0500

On Sat, Feb 25, 2006 at 08:41:01AM +0000, bmanning () vacation karoshi com wrote:
robt wrote:
Limit recursion to trusted netblocks and customers.  Do not permit
your name servers to provide recursion for the world.  If you do,
you will contribute to one of these attacks.

      <recursion is a fundamental DNS design feature,
       restricting it to "walled gardens" cripples its usefulness>

The bad guys abused open SMTP relaying and we couldn't use it anymore.*
They've moved to the next thing that is widely open and will be abusable 
for a long time while some folks clamp down quickly, others argue against
it, etc.  Until we can factor out the bad guys, the diminishing returns 
on playing whack-a-mole will force us all to install more functional
equivalents of signs saying "restrooms are for customers only". And no,
I don't like it either.



* well, except those who wish to be marginalized.

             RSUC / GweepNet / Spunk / FnB / Usenix / SAGE
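
The policy quoted in the message above (recurse only for trusted netblocks, refuse everyone else) is sketched here as an added example that is not part of the original post. The netblocks are documentation-range placeholders and the function names are hypothetical.

```python
import ipaddress
import struct

# Constructed placeholder netblocks (documentation ranges), standing in for
# "trusted netblocks and customers"; they do not come from the thread.
TRUSTED_NETBLOCKS = [ipaddress.ip_network(n)
                     for n in ("192.0.2.0/24", "2001:db8::/32")]

QR_BIT = 0x8000         # message is a response
OPCODE_MASK = 0x7800
RD_BIT = 0x0100         # recursion desired
RCODE_REFUSED = 5


def is_trusted(src_ip):
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in TRUSTED_NETBLOCKS)


def recursion_decision(src_ip, query):
    """Hypothetical policy hook: returns (action, response_bytes_or_None)."""
    if len(query) < 12:
        return ("drop", None)                  # too short for a DNS header
    qid, flags = struct.unpack("!HH", query[:4])
    if flags & QR_BIT:
        return ("drop", None)                  # a response, not a query
    if not flags & RD_BIT:
        return ("authoritative-only", None)    # no recursion requested
    if is_trusted(src_ip):
        return ("recurse", None)
    # Outside the trusted netblocks: answer REFUSED with RA clear. The reply
    # is a bare 12-byte header, so it is never larger than the query.
    resp_flags = QR_BIT | (flags & OPCODE_MASK) | RD_BIT | RCODE_REFUSED
    return ("refuse", struct.pack("!HHHHHH", qid, resp_flags, 0, 0, 0, 0))


def build_query(qid, name, rd=True):
    """Constructed sample input: a minimal A/IN query for `name`."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    header = struct.pack("!HHHHHH", qid, RD_BIT if rd else 0, 1, 0, 0, 0)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)


if __name__ == "__main__":
    q = build_query(0x1234, "example.com")
    for src in ("192.0.2.10", "198.51.100.7", "2001:db8::53"):
        print(src, recursion_decision(src, q)[0])
```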
