Home page logo
/

nanog logo nanog mailing list archives

Re: DOS attack against DNS?
From: Paul Vixie <vixie () vix com>
Date: 16 Jan 2006 18:12:25 +0000


joelja () darkwing uoregon edu (Joel Jaeggli) writes:

people inside one of the largest networks have told me that they have
customers who require the ability to bypass BCP38 restrictions, and that
they will therefore never be fully BCP38 compliant.  ...

Consider people in the rest of the world who may purchase simplex 
satellite links. By definition they inject traffic in places they aren't 
announcing their route from.

yup, those are exactly the customers i was told about.  (see above.)  however,
there's still a way to filter-list the various interfaces -- it's just harder
than letting the routing table imply your filter-list for you.  also however,
if these were the only customers who weren't made to follow BCP38, there would
not be a global BCP38-related problem right now.  or, as i said before:

i've asked for BCP38 to become the default on all their other present
and future customers ...
-- 
Paul Vixie


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault