On Jan 30, 2008, at 5:59 PM, [EMAIL PROTECTED] wrote:
> On Wed, 30 Jan 2008 17:18:16 EST, Dude VanWinkle said:
>> On Jan 30, 2008 4:03 PM, Gadi Evron <[EMAIL PROTECTED]> wrote:
>>> I was somewhat involved, so can vouch this is serious work.
>>
>> I guess it would be a bad idea to block traffic based on the ttl and
>> expiry of records with less than x seconds then..
>
> Some of us drop the TTL on things a week or so before a hardware move to a new
> IP address, so you don't keep a stale cached value around after we do the move.
>
> For some things, we've gone down to 300 or even 60 seconds (having phone calls
> for 3600 seconds after you move www.your-domain. tends to make the help desk
> people seriously consider doing Bad Things to your car - and if you haven't
> outsourced your help desk, they probably know what kind of car you drive. ;)

Conversely, blocking based on low TTL may also upset your helpdesk if
your users hit a bunch of popular websites or rely on OS or AV auto
updates...
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.