On Aug 18, 2008, at 12:51 PM, Joe Baptista wrote:
> No. I was thinking more of a smart porcupine with attitude. At least use the IDS to notify the system administrator an attack is in progress. I've attached a document that uses snort to log the event. That could be used to notify the system administrator.
You can call it whatever you want, but whether the exterior is hard or spiny, if you depend on that for network security, you don't have much security. I mean, if you really think that's the way to go, tell me this: do you still use rsh to log into your servers? Because really that's what you're saying when you say that the security in DNSSEC or some other DNS security protocol isn't important. You're saying that authentication based on IP address is sufficient.
If you really hate DNSSEC, I could be sympathetic to the idea of using TSIG to protect your resolvers. That's what started this whole long thread, if you remember. But what you're talking about is snake oil security. There's a lot of money in it, don't get me wrong. But it's not a solution the IETF should be promoting.
_______________________________________________
DNSOP mailing list
https://www.ietf.org/mailman/listinfo/dnsop
