[For brevity, this is intended as a message in support of Joe's
position. I think my original got eaten in the earlier mail
server event announced on ietf@, so apologies for any duplicates.]
On Tue, Sep 02, 2008 at 03:46:48PM -0400, Joe Abley wrote:
My point is that there are a large number
Gentlefolks,
I note that Gadi Evron was, until recently, employed by Afilias, the
same company as Joe Abley. At present, according to another recent
NANOG controversy, Mr. Evron. Mr Hankins is also not an independent
source, being part of ISC, Joao Damas' (document author) employer.
Also, I
On Wed, 3 Sep 2008, Danny McPherson wrote:
You don't see any evidence of attacks because you haven't read
about them on NANOG [or various network forums that you do
monitor] - duly noted, and comically ironic.
It is indeed comically ironic (telling, actually) that NANOG hasn't
discussed the
Dean,
I'm not going to argue this point by point with you, I simply
provided data points on what folks who do this as part of their
day job have observed and reported. You can choose to
accept this, or not.
As for bots and CCs and what's done in practice today
and what's not, well, I know a
On Sep 3, 2008, at 9:42 AM, Dean Anderson wrote:
I choose to report on why this data is not credible and should not be
accepted by the DNSOP WG.
I believe the WG has heard your position:
There has been no further discussion of these attacks since the
two very small motivating attacks were
On Tue, 2 Sep 2008, Joe Abley wrote:
Dean,
On 1 Sep 2008, at 20:57, Dean Anderson wrote:
mostly operations people (as opposed to credible engineers)?
If av8.net starts selling t-shirts, I'll take one with that phrase.
Perhaps a t-shirt should have this quote from Paul Vixie:
On Sep 2, 2008, at 9:47 AM, Joe Abley wrote:
There is usually no harm to anyone from open resolvers. No one has
reported any further attacks since this draft was conceived.
That is not true. It's possible that the forums in which such attacks
are discussed are not available to you, of
On Tue, 2 Sep 2008, Joe Abley wrote:
On 2 Sep 2008, at 11:04, Dean Anderson wrote:
There is no harm in public resolvers.
Not to the people running the resolvers, usually, no.
There is usually no harm to anyone from open resolvers. No one has
reported any further attacks since
On 2 Sep 2008, at 13:43, Dean Anderson wrote:
Really? Your position is that there are attacks but all these attacks
are somehow being kept secret? People talked about ping floods, syn
floods, and an uncountable slew of other attacks. Incredible.
My point is that there are a large number of
2) Why would anyone capable of programming bother searching for open
recursors (with often small connection speeds) when they can use 100+
root servers with large amplification factors and high bandwidth
connections at key exchange points?
Because there are much better amplification
Dean Anderson wrote:
A useful
technique for scan detection is a non-production special server.
Scanners show up in the logs; no one else does. Dnscache, BIND, and
PowerDNS all have the necessary logging capabilities.
http://en.wikipedia.org/wiki/Honeypot_(computing)
- Kevin
On Tue, 2 Sep 2008, Joe Abley wrote:
On 2 Sep 2008, at 13:43, Dean Anderson wrote:
Really? Your position is that there are attacks but all these attacks
are somehow being kept secret? People talked about ping floods, syn
floods, and an uncountable slew of other attacks. Incredible.
On Tue, 2 Sep 2008, Danny McPherson wrote:
On Sep 2, 2008, at 12:44 PM, Dean Anderson wrote:
I find this hard to believe from three standpoints:
1) the expected number of open DNS recursors and their collective
bandwidth doesn't seem to be large enough to support a 40Gbps attack.