True, if directed broadcasts for a network implementing this draft have not been disabled, but no more so than any information about the structure of the network would help a smurfer. So it does reduce security through obscurity by reducing obscurity.
However, if an organization is concerned they can limit which zones/domainnames they expose to the outside world. I would expect it to be handled in the same way that organization handle the question of which A records they choose to make visible to the internet ( split DNS, bind9 views, etc ). Would folks feel better about this if I were to put a paragraph in the "security considerations" section noting that availability to the outside world of information about the network structure of a network may be used for DOS attacks like smurphing, and recommending that organizations consider carefully the acceptable visibility of such records? Ed On Fri, 28 Feb 2003, Dean Anderson wrote: > Not to mention that it would be quite useful to smurfers. > > --Dean > > On Fri, 28 Feb 2003, Pekka Savola wrote: > > > On Fri, 28 Feb 2003, Robert Elz wrote: > > [...] > > > Why would my nodes care what the network that contains some random IP > > > address might happen to be (or why would I ever care more than the > > > routing tables will tell me) ? > > > > Being able to do something like this would have quite a few security > > considerations, besides -- in addition to operational reluctance to take > > it to use. > > > > Finding your *own* info could be useful, but you really need most of that > > information before you can make the DNS query.. > > > > -- > > Pekka Savola "You each name yourselves king, yet the > > Netcore Oy kingdom bleeds." > > Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings > > > > #---------------------------------------------------------------------- > > # To unsubscribe, send a message to <[EMAIL PROTECTED]>. > > > > #---------------------------------------------------------------------- # To unsubscribe, send a message to <[EMAIL PROTECTED]>.
