DNS issues various

Valdis.Kletnieks at vt.edu
Thu Oct 24 20:01:09 UTC 2002


On Thu, 24 Oct 2002 18:59:46 -0000, "Kelly J. Cooper" <kcooper at genuity.net>  said:

> > You know, most bars have bouncers at the door that check IDs.  Sure, they're
> > not perfect, but the bartender can usually be pretty sure the guy ordering a
> > beer is over 21. The average bar isn't run by a soooper-genius.  But it's still
> > considered fashionable to let packets roam your network without an ID check at
> > the door.
> 
> Yeah and how's that working so far?

Works a lot better than making an overworked bartender do it.  And yes, that's
an intentional dig at the "but you can't filter at the core" crowd, and the
"but you can't backtrack spoofed traffic easily" crowd...

How well does it work?  Well enough that you can drive by a bar and just *know*
that it's a dead night because there's no bouncer.  And it's never a dead night
on the Internet.

> > soooper-genius solutions aren't going to help any when there's a lot of
> > address space that's managed by Homer Simpson....
> 
> But there will always be address space managed by Homer Simpson.

Why?  I'm asking a serious question here - why is it considered acceptable?

> All I'm advocating is breaking out of that pattern.

I bet a few good lawsuits alleging civil liability for contributory
negligence for allowing spoofed packets would do wonders for that problem.

I posit that there won't be any "sooper genius" solution that will actually
work as long as the prevailing model is small islands of clue awash in a
sea of Homer Simpsons.


-- 
				Valdis Kletnieks
				Computer Systems Senior Engineer
				Virginia Tech



More information about the NANOG mailing list