Great Suggestion for the DNS problem...?
Brian Dickson
briand at ca.afilias.info
Tue Jul 29 03:00:57 UTC 2008
> What would the ip-blocking BGP feed accomplish? Spoofed source
> addresses are a staple of the DNS cache poisoning attack.
> Worst case scenario, you've opened yourself up to a new avenue of
> attack where your nameservers are receiving spoofed packets intended
> to trigger a blackhole filter, blocking communication between your
> network and the legitimate owner of the forged ip address.
>
Yes, but what about blocking the addresses of recursive resolvers that
are not yet patched?
That would certainly stop them from being poisoned, and incent their
owners to patch...
1/2 :-)
Brian
> Michael Smith wrote:
>
> Still off topic, but perhaps a BGP feed from Cymru or similar to
> block IP addresses on the list?
>
> Regards,
>
> Mike
More information about the NANOG mailing list