Re: [DNSOP] Reflectors are Evil was Re: Anycast was Re: Cache poisoning on DNSSEC

2008-09-05 Thread Dean Anderson
Gentlefolks, I note that Gadi Evron was, until recently, employed by Afilias, the same company as Joe Abley. At present, according to another recent NANOG controversy, Mr. Evron. Mr Hankins is also not an independent source, being part of ISC, Joao Damas' (document author) employer. Also, I d

Re: [DNSOP] Reflectors are Evil was Re: Anycast was Re: Cache poisoning on DNSSEC

2008-09-05 Thread David W. Hankins
[For brevity, this is intended as a message in support of Joe's position. I think my original got eaten in the earlier mail server event announced on ietf@, so apologies for any duplicates.] On Tue, Sep 02, 2008 at 03:46:48PM -0400, Joe Abley wrote: > My point is that there are a large number o

Re: [DNSOP] Reflectors are Evil was Re: Anycast was Re: Cache poisoning on DNSSEC

2008-09-04 Thread Dean Anderson
On Wed, 3 Sep 2008, Danny McPherson wrote: > You don't see any evidence of attacks because you haven't read > about them on NANOG ["or various network forums that you do > monitor"] - duly noted, and comically ironic. It is indeed comically ironic (telling, actually) that NANOG hasn't discussed t

Re: [DNSOP] Reflectors are Evil was Re: Anycast was Re: Cache poisoning on DNSSEC

2008-09-03 Thread Danny McPherson
On Sep 3, 2008, at 9:42 AM, Dean Anderson wrote: > > I choose to report on why this data is not credible and should not be > accepted by the DNSOP WG. I believe the WG has heard your position: "There has been no further discussion of these attacks since the two very small motivating attacks were

Re: [DNSOP] Reflectors are Evil was Re: Anycast was Re: Cache poisoning on DNSSEC

2008-09-03 Thread Dean Anderson
On Wed, 3 Sep 2008, Danny McPherson wrote: > Dean, I'm not going to argue this point by point with you, I simply > provided data points on what folks who do this as part of their day > job have observed and reported. You can choose to accept this, or > not. I choose to report on why this data is

Re: [DNSOP] Reflectors are Evil was Re: Anycast was Re: Cache poisoning on DNSSEC

2008-09-03 Thread Danny McPherson
Dean, I'm not going to argue this point by point with you, I simply provided data points on what folks who do this as part of their day job have observed and reported. You can choose to accept this, or not. As for bots and C&Cs and what's done in practice today and what's not, well, I know a lit

Re: [DNSOP] Reflectors are Evil was Re: Anycast was Re: Cache poisoning on DNSSEC

2008-09-02 Thread Dean Anderson
On Tue, 2 Sep 2008, Danny McPherson wrote: > > On Sep 2, 2008, at 12:44 PM, Dean Anderson wrote: > > > > I find this hard to believe from three standpoints: > > > > 1) the expected number of open DNS recursors and their collective > > bandwidth doesn't seem to be large enough to support a 40Gbps

Re: [DNSOP] Reflectors are Evil was Re: Anycast was Re: Cache poisoning on DNSSEC

2008-09-02 Thread Dean Anderson
On Tue, 2 Sep 2008, Joe Abley wrote: > > On 2 Sep 2008, at 13:43, Dean Anderson wrote: > > > Really? Your position is that there are attacks but all these attacks > > are somehow being kept secret? People talked about ping floods, syn > > floods, and an uncountable slew of other attacks. Incred

Re: [DNSOP] Reflectors are Evil was Re: Anycast was Re: Cache poisoning on DNSSEC

2008-09-02 Thread Kevin Darcy
Dean Anderson wrote: > > A useful > technique for scan detection is a non-production special "server". > Scanners show up in the logs; no one else does. Dnscache, BIND, and > PowerDNS all have the necessary logging capabilities. > > http://en.wikipedia.org/wiki/Honeypot_(computing) - Kevin _
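The "non-production special server" idea quoted above is easy to operationalise: since no legitimate client ever has a reason to query it, every source in its query log is a scanner or a reflection probe, and the only work left is to summarise what each source asked for. The script below is an added example, not code from the thread or from any of the people in it. It assumes a BIND 9 style `query:` log line (the regex is the assumption; adjust it for dnscache or PowerDNS), and the log lines embedded in it are constructed, not captured. It tags each source as an open-resolver probe (recursion desired for names the server is not authoritative for), an amplification probe (ANY/TXT/DNSKEY/RRSIG queries, which the thread discusses as the high-gain vectors), or a plain scan.

```python
"""Scan detection on a dark (non-production) DNS server.

Added example, not from the DNSOP thread.  Assumptions: BIND 9 style
query log lines of the form

  client 192.0.2.10#41234 (qname): query: qname IN A +E (203.0.113.5)

where the flag after the type starts with '+' when the client set
RD=1 (wants recursion) and '-' when it did not.  SAMPLE_LOG is
constructed for illustration; nothing here is captured traffic.
"""
import re
from collections import defaultdict

# Constructed sample: three probes from 192.0.2.10 (RD set, one ANY),
# one RD=0 query from 198.51.100.7 for a name the dark server owns.
SAMPLE_LOG = """\
05-Sep-2008 10:12:01.123 queries: info: client 192.0.2.10#41234 (www.example.com): query: www.example.com IN A +E (203.0.113.5)
05-Sep-2008 10:12:01.456 queries: info: client 192.0.2.10#41234 (example.net): query: example.net IN ANY +E (203.0.113.5)
05-Sep-2008 10:15:44.001 queries: info: client 198.51.100.7#53 (dark.example): query: dark.example IN A - (203.0.113.5)
05-Sep-2008 10:16:02.777 queries: info: client 192.0.2.10#41234 (example.net): query: example.net IN ANY +E (203.0.113.5)
05-Sep-2008 10:16:03.000 not a query line at all
"""

# Zones the dark server is authoritative for (assumption for the example).
# Queries for anything else with RD=1 are attempts to use us as an open recursor.
OWN_ZONES = ("dark.example",)

# Query types commonly used to maximise response size in reflection attacks.
AMP_QTYPES = frozenset({"ANY", "TXT", "DNSKEY", "RRSIG"})

QUERY_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+) \((?P<qname>[^)]*)\): "
    r"query: (?P<name>\S+) IN (?P<qtype>\S+) (?P<flags>[+-]\S*)"
)


def parse_query_log(lines):
    """Return one dict per recognised query line; unrecognised lines are skipped."""
    records = []
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue
        records.append({
            "ip": m.group("ip"),
            "name": m.group("name").rstrip(".").lower(),
            "qtype": m.group("qtype").upper(),
            "rd": m.group("flags").startswith("+"),
        })
    return records


def in_own_zones(name):
    return any(name == z or name.endswith("." + z) for z in OWN_ZONES)


def summarize_sources(records, whitelist=()):
    """Per source IP: query count, RD count, amplification-type count, off-zone RD count."""
    out = defaultdict(lambda: {"queries": 0, "rd": 0, "amp": 0, "off_zone_rd": 0})
    for r in records:
        if r["ip"] in whitelist:        # e.g. your own monitoring hosts
            continue
        s = out[r["ip"]]
        s["queries"] += 1
        if r["rd"]:
            s["rd"] += 1
            if not in_own_zones(r["name"]):
                s["off_zone_rd"] += 1
        if r["qtype"] in AMP_QTYPES:
            s["amp"] += 1
    return dict(out)


def classify(summary):
    """Tag every source; on a dark server there is no benign category."""
    tags = {}
    for ip, s in summary.items():
        t = []
        if s["off_zone_rd"]:
            t.append("open-resolver-probe")
        if s["amp"]:
            t.append("amplification-probe")
        if not t:
            t.append("scan")
        tags[ip] = t
    return tags


def detect(log_text, whitelist=()):
    """Convenience wrapper: raw log text -> {ip: [tags]}."""
    return classify(summarize_sources(parse_query_log(log_text.splitlines()), whitelist))


if __name__ == "__main__":
    for ip, tags in sorted(detect(SAMPLE_LOG).items()):
        print(f"{ip:16s} {', '.join(tags)}")
```

Feed it the real log with `detect(open(path).read())`; the whitelist parameter exists so that your own probes of the dark server (you do want to know it is still answering) are not reported as scanners. Because the server serves no production traffic, the false-positive question the thread argues about does not arise here: the value of the honeypot is precisely that any hit is interesting.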

Re: [DNSOP] Reflectors are Evil was Re: Anycast was Re: Cache poisoning on DNSSEC

2008-09-02 Thread Mark Andrews
> 2) Why would anyone capable of programming bother searching for open > recursors (with often small connection speeds) when they can use 100+ > root servers with large amplification factors and high bandwidth > connections at key exchange points? Because there are much better amplificatio

Re: [DNSOP] Reflectors are Evil was Re: Anycast was Re: Cache poisoning on DNSSEC

2008-09-02 Thread Danny McPherson
On Sep 2, 2008, at 12:44 PM, Dean Anderson wrote: > > I find this hard to believe from three standpoints: > > 1) the expected number of open DNS recursors and their collective > bandwidth doesn't seem to be large enough to support a 40Gbps attack. Really? With trivial amplification vectors 20 lo

Re: [DNSOP] Reflectors are Evil was Re: Anycast was Re: Cache poisoning on DNSSEC

2008-09-02 Thread Joe Abley
On 2 Sep 2008, at 13:43, Dean Anderson wrote: > Really? Your position is that there are attacks but all these attacks > are somehow being kept secret? People talked about ping floods, syn > floods, and an uncountable slew of other attacks. Incredible. My point is that there are a large number o

Re: [DNSOP] Reflectors are Evil was Re: Anycast was Re: Cache poisoning on DNSSEC

2008-09-02 Thread Dean Anderson
On Tue, 2 Sep 2008, Danny McPherson wrote: > On Sep 2, 2008, at 9:47 AM, Joe Abley wrote: > >> > >> There is "usually" no harm to anyone from open resolvers. No one has > >> reported any further attacks since this draft was conceived. > > > > That is not true. It's possible that the forums in whic

Re: [DNSOP] Reflectors are Evil was Re: Anycast was Re: Cache poisoning on DNSSEC

2008-09-02 Thread Dean Anderson
On Tue, 2 Sep 2008, Joe Abley wrote: > > On 2 Sep 2008, at 11:04, Dean Anderson wrote: > > >>> There is no harm in public resolvers. > >> > >> Not to the people running the resolvers, usually, no. > > > > There is "usually" no harm to anyone from open resolvers. No one has > > reported any furth

Re: [DNSOP] Reflectors are Evil was Re: Anycast was Re: Cache poisoning on DNSSEC

2008-09-02 Thread Danny McPherson
On Sep 2, 2008, at 9:47 AM, Joe Abley wrote: >> >> There is "usually" no harm to anyone from open resolvers. No one has >> reported any further attacks since this draft was conceived. > > That is not true. It's possible that the forums in which such attacks > are discussed are not available to you

Re: [DNSOP] Reflectors are Evil was Re: Anycast was Re: Cache poisoning on DNSSEC

2008-09-02 Thread Joe Abley
On 2 Sep 2008, at 11:04, Dean Anderson wrote: >>> There is no harm in public resolvers. >> >> Not to the people running the resolvers, usually, no. > > There is "usually" no harm to anyone from open resolvers. No one has > reported any further attacks since this draft was conceived. That is not

Re: [DNSOP] Reflectors are Evil was Re: Anycast was Re: Cache poisoning on DNSSEC

2008-09-02 Thread Dean Anderson
On Tue, 2 Sep 2008, Joe Abley wrote: > Dean, > > On 1 Sep 2008, at 20:57, Dean Anderson wrote: > > > mostly operations people (as opposed to credible engineers)? > > If av8.net starts selling t-shirts, I'll take one with that phrase. Perhaps a t-shirt should have this quote from Paul Vixie: de