Hi Dean!
I will note that the only question before the wg associated with this
particular mailing list is whether or not these two drafts might
benefit from adoption as working group documents. Comments on the
content seems somewhat orthogonal to that goal, but since you asked
here, I'll reply here.
On 23-Jun-2006, at 15:19, Dean Anderson wrote:
Section 3.3 should removed. Choice of host operating system has no
relevance to
DNS operations. Use of loopback interfaces etc, is likewise
irrelevant.
Thanks for the feedback.
draft-jabley-as112-being-attacked-help-help-00
This draft seems to entirely miss the point, and unhelpfully
belittles the fact
that AS112 servers may in fact be used (perhaps have already been
used) to
conduct DOS attacks.
If you can provide details to expand upon the fact you describe
above, that would be most helpful. Without some context, I am
struggling to understand what you are talking about.
I have rarely seen IDS systems alarm over genuine DNS traffic to
external
servers.
I have no reason to doubt you. However, having been one of the small
group of people responsible for answering the phone when people call
the AS112 netblock contact, I can tell you that your experience is
not universal.
Your advice to treat reports of abuse seriously is of course valid,
but unnecessary in this case.
Having been recently in the unenviable position[1] of answering phone
calls from angry people regarding the denial-of-service attack from
PRISONER.IANA.ORG on their firewalls (source port 53),
Probably you should have responded differently to their calls: They
were
probably legitimate DOS attacks involving AS112 servers.
All the calls I responded to were investigated thoroughly. I have no
reason to doubt that any of the other calls which were handled with
others enjoyed any less diligence.
None of the calls I responded to related to DOS attacks involving
AS112 servers; all of them involved replies being returned from the
Internet towards hosts that firewall admins had not considered might
ever send requests to the outside world.
Joe
.
dnsop resources:_____________________________________________________
web user interface: http://darkwing.uoregon.edu/~llynch/dnsop.html
mhonarc archive: http://darkwing.uoregon.edu/~llynch/dnsop/index.html
