-----Original Message----- From: <Dobbins>, Roland <[email protected]> Date: Friday, October 26, 2012 11:28 AM To: DNS Operations List <[email protected]> Subject: Re: [dns-operations] First experiments with DNS dampening to fight amplification attacks
> >On Oct 26, 2012, at 10:15 PM, Vernon Schryver wrote: > >> It's cheaper and easier in the short term to pollute, ignore spammers, >>and over graze the commons. > >.pdf of my AusNOG04 preso on this general topic: > ><https://docs.google.com/open?id=0B47QUsHYYrhFUzBqaDFPWDRscTQ> somewhat ironic... i came to cisco through ironport, and spent many years deploying infrastructure and applications specifically designed to make spammer's lives hell. it's by far my proudest achievement. please reply to me off-list if you have an interest (or objection) to being included in my case to TPTB. feel free to write additional blurbs or point me to links you want included. i intend to present both sides (to appear fair an balanced, although in past lives where i was allowed to touch core routers i personally always enabled source verification in conjunction with other countermeasures), and since this will be going high up the food chain and trickling down from there i'll need to put together a sensible report with references and maybe even a few pretty pictures. i plan to include existing references to bcps, bits of this email thread and archived discussions, and even point out the reputation and role in internet infrastructure of folks making suggestions...including your names and email addresses. so please let me know if that's not desirable to you. beside uRPF and ACLs a fair amount of work has been done on things like source guard, and the feature is readily available in nexus...so it's a perfect time to have this discussion. even if it isn't enabled by default in the near future, raising its importance in related training would be a small step forward. http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_10-4/104_ip- spoofing.html http://www.cisco.com/web/about/ac50/ac207/crc_new/university/RFP/rfp07025.h tml http://www.cisco.com/en/US/docs/switches/datacenter/sw/4_1/nx-os/security/c onfiguration/guide/sec_sourceguard.html#wp1100175 thanks. _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
