On Wed, 2006-06-07 at 13:15 -0700, Mike Fedyk wrote:
> Mike Lynchfield wrote:
> > Ain't it time for all of us to get along and do POSITIVE CRITICISM ?
> I have to say, that Matt's email should be seen as exactly that.
>
> What he brings up are valid concerns, and they happen every day with
> other BLs so it is something you should think about, or you will have to
> do it eventually. Maybe after someone has already used your system as a
> DoS attack.
>
> Starting manually I think is a good start, so you can push out the
> inevitable conflict over policy until after the system has been up for a
> little while.

If it's enum based you can have one master that only accepts traffic from secondaries who actually are what root-servers point to. In that way you shield the 'source' and distribute basically dns zones to many boxes who propagate the info out to everyone else... It won't stop DDoS attacks but it can help mitigate them, if one is unavailable the others should be reachable still.

And if you want the info locally, perhaps AXFR can be enabled for you, you set your dns server locally as a secondary, there is at least with bind a notification event that can be triggered upon change, they can also periodically pull the info based on the SOA records. And anyone that does query this via a caching name server will automagically generate caches of the information so they don't have to constantly look stuff up.

An outage means however there is no lookup information and thus no blacklist. Calls go through that you may otherwise want to have blacklisted. That may cause some problems, however this is a slightly different filtering list (unless a separate table of voip spammers is generated) and as such they want to sneak off into the shadows rather than come full on with the providers. There is a slight difference so far in the types of people. That may change quickly as people may realize that they can make money by completing calls if they DDoS the VoIP-RBL servers. Which is why DDoS mitigation techniques should be evaluated and put in place beforehand.

-- 
Trixter http://www.0xdecafbad.com
Bret McDanel
Belfast IE +44 28 9099 6461
DE +49 801 777 555 3402
Utrecht NL +31 306 553058
US WA +1 360 207 0479
US NY +1 516 687 5200
FreeWorldDialup: 635378
http://www.trxtel.com we pay you to terminate calls with us!
_______________________________________________
--Bandwidth and Colocation provided by Easynews.com --

asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-biz
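
The outage behaviour described in the message above, as an added example that is not part of the original email: a lookup client for an ENUM-style blacklist that caches answers and keeps "not listed" apart from "list unreachable", so fail-open decisions during an outage are visible to the operator. The zone name, phone numbers, TTL values and the injected `resolve` callable are assumptions for illustration.

```python
import time

ZONE = "rbl.example.org"  # assumption: placeholder zone, not a real list


class LookupFailed(Exception):
    """Resolver timeout or SERVFAIL: the list could not be consulted."""


def enum_name(number, zone=ZONE):
    """ENUM-style owner name: digits reversed, dot separated, under the zone."""
    digits = [c for c in number if c.isdigit()]
    if not digits:
        raise ValueError("no digits in number")
    return ".".join(reversed(digits)) + "." + zone


class BlacklistClient:
    def __init__(self, resolve, ttl=300, max_stale=86400, clock=time.monotonic):
        # resolve(name) -> True if listed, False on NXDOMAIN,
        # raises LookupFailed when no server answers (hypothetical interface).
        self.resolve = resolve
        self.ttl = ttl              # seconds a cached answer is used as-is
        self.max_stale = max_stale  # seconds an old answer may cover an outage
        self.clock = clock
        self.cache = {}             # name -> (listed, stored_at)

    def check(self, number):
        """Return (listed, source); source is fresh, cache, stale or unavailable."""
        name = enum_name(number)
        now = self.clock()
        hit = self.cache.get(name)
        if hit and now - hit[1] <= self.ttl:
            return hit[0], "cache"
        try:
            listed = self.resolve(name)
        except LookupFailed:
            # Outage: reuse the last known answer if it is recent enough.
            if hit and now - hit[1] <= self.max_stale:
                return hit[0], "stale"
            # No data at all: the call goes through, but the caller can
            # log and alert on "unavailable" instead of treating it as clean.
            return False, "unavailable"
        self.cache[name] = (listed, now)
        return listed, "fresh"
```

A rising count of `unavailable` results is the signal that the list servers are down or under attack, which is the window the message warns about.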
