On Wed, Sep 26, 2012, at 07:40 PM, Vernon Schryver wrote: ><<SNIP>> > A discouraging fact is that rate limiting doesn't help if the bad guy > uses a list of 100,000 or 1,000,000 servers and only 1 or 0.1 forged > query/sec. The only hope is that by the time the bad guys get smart > and ambitious enough to use millions of reflectors, BCP38 will be so > common that the sending systems can be found and quenched.
Today I attended a cyber-security conference organised by ICSPA (International Cyber Security Protection Alliance). All day I heard presentations by various companies with expertise in this field. DNS was never mentioned. One presentation was given by the head of cyber-security for what I believe is the largest ISP in France. I took the opportunity to ask him what their position was regarding BCP38. He didn't know what I was talking about (my french is good). When I gave a brief description of BCP38 he started talking about what they do to prevent credit card fraud. I tried again but... Sounds to me like the bad guys still have time to spare. _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
