Re: [Bulk] Re: [gentoo-user] How to prevent a dns amplification attack
On Sat, 30 Mar 2013 13:06:16 +0100 Norman Rieß nor...@smash-net.org wrote:
> As we all know everything works better and cheaper when things are privatized

Actually no, it's not so simple at all. You get incompetence in private and public and you may be more likely to get away with it for longer in a public service than in a market with competition, but there are many examples where things simply get worse. In the UK, water companies were privatised and fat cats made lots of money letting the pipes deteriorate for future generations. British Telecom, well, that's a mixed bag but it is certainly a tiny shadow of its original self. We know ideals and theory hardly ever work but theoretically public should be much better when well managed.

I wonder if ISPs wouldn't be handling things like TalkTalk's Homesafe in such a stupid manner (across the board is where it is stupid, even for non users of the service) where they redirect all the HTTP traffic through an undoubtedly insecure layer 7 handling Huawei device with less commercial pressures or analysing bandwidth at layer 7 when they should be doing so more safely and completely at layers 3 and 4, leading me to believe they are not just thinking about bandwidth usage. Why does it matter if you download 1000Gb via torrents or HTTP? ACKs can be managed in any case.

I'm glad open source is beginning to make strides into public services as it should help put an end to expensive interoperability issues (if we stay away from non POSIX things like systemd, though even then shouldn't be too bad ;-)).
Re: [Bulk] Re: [gentoo-user] How to prevent a dns amplification attack
On Sat, 30 Mar 2013 15:53:29 +0100 Rene Rasmussen gen...@paranoidix.dk wrote:
> There is also the possibility to use opendns.com
> I've been using them for years, and have not had any trouble. I started using them when my ISP decided to block some sites. And their standard service is free :)

They also support DNSCurve, but I thought that in the case of non existing domain lookups they do show adverts? I don't see just that as a huge problem as long as they are not targeted though?
Re: [Bulk] Re: [gentoo-user] How to prevent a dns amplification attack
On 2013-03-30 11:15 AM, Kevin Chadwick ma1l1i...@yahoo.co.uk wrote:
> On Sat, 30 Mar 2013 15:53:29 +0100 Rene Rasmussen gen...@paranoidix.dk wrote:
>> There is also the possibility to use opendns.com
>> I've been using them for years, and have not had any trouble. I started using them when my ISP decided to block some sites. And their standard service is free :)
>
> They also support DNSCurve, but I thought that in the case of non existing domain lookups they do show adverts?

This can be disabled...

The biggest problem with using them (or Google DNS) is if you are running a mail server, you cannot use Spamhaus or many other DNSBLs, because they don't work with these free DNS services:

http://www.spamhaus.org/faq/section/DNSBL%20Usage#261
Re: [Bulk] Re: [gentoo-user] How to prevent a dns amplification attack
On 30.03.2013 16:11, Kevin Chadwick wrote:
> On Sat, 30 Mar 2013 13:06:16 +0100 Norman Rieß nor...@smash-net.org wrote:
>> As we all know everything works better and cheaper when things are privatized
>
> Actually no, it's not so simple at all. You get incompetence in private and public and you may be more likely to get away with it for longer in a public service than in a market with competition, but there are many examples where things simply get worse. In the UK, water companies were privatised and fat cats made lots of money letting the pipes deteriorate for future generations. British Telecom, well, that's a mixed bag but it is certainly a tiny shadow of its original self. We know ideals and theory hardly ever work but theoretically public should be much better when well managed.
>
> I wonder if ISPs wouldn't be handling things like TalkTalk's Homesafe in such a stupid manner (across the board is where it is stupid, even for non users of the service) where they redirect all the HTTP traffic through an undoubtedly insecure layer 7 handling Huawei device with less commercial pressures or analysing bandwidth at layer 7 when they should be doing so more safely and completely at layers 3 and 4, leading me to believe they are not just thinking about bandwidth usage. Why does it matter if you download 1000Gb via torrents or HTTP? ACKs can be managed in any case.
>
> I'm glad open source is beginning to make strides into public services as it should help put an end to expensive interoperability issues (if we stay away from non POSIX things like systemd, though even then shouldn't be too bad ;-)).

I think you did not spot the sarcasm in what I said :-).