Schneier: ISPs should bear security burden
Steven Champeon
schampeo at hesketh.com
Fri Apr 29 20:53:45 UTC 2005
on Thu, Apr 28, 2005 at 10:20:37AM -0400, Steve Sobol wrote:
>
> Mark Newton <newton at internode.com.au> wrote:
>
> > On Thu, Apr 28, 2005 at 02:16:36AM -0400, Steven J. Sobol wrote:
> >
> > > Any IP that a provider allows servers on should have
> > > distinctive, non-dynamic-looking DNS (and preferably be in a separate
> > > netblock from the dynamically-assigned IPs).
> >
> > What the hell is a "non-dynamic-looking DNS"? Sure, if I see something
> > like "static-192-168-1-1.isp.net" I can be reasonably sure that it's
> > non-dynamic-looking, but what does the same thing look like in
> > Portugese? German? Spanish? French? (Korean? Chinese?)
>
> France Telecom has a reasonably easy-to-understand naming scheme that ends in
> <POP-Location>.wanadoo.fr.
Hrm? The only examples I have are:
.abo.wanadoo.fr
.adsl.wanadoo.fr \
--- haven't seen any of these in a long time, though
.cable.wanadoo.fr /
with the POP-Location coming at the forefront, after 'A', e.g.
ANantes-106-1-5-107.w193-251.abo.wanadoo.fr
AVelizy-154-1-44-113.w82-124.abo.wanadoo.fr
APoitiers-152-1-35-162.w83-193.abo.wanadoo.fr
or 'L' or 'M'
Laubervilliers-151_11-15-186.w82-127.abo.wanadoo.fr
LNeuilly-152_21-4-2.w82-127.abo.wanadoo.fr
Mix-Amiens-107-2-8.w193-248.abo.wanadoo.fr
or 'ca', which I assume is for cable:
ca-angers-2-19.w80-8.abo.wanadoo.fr
> Deutsche Telekom has an equally easy-to-understand scheme that ends in
> dip.t-dialin.de (for their German dialups, anyhow).
They must be filtering/redirecting outbound port 25, then; it's been
some time since I saw any of their traffic here in the logs. Or maybe
it's because they're using t-dialin.net now. <clickety clack> Yep. I
don't see any t-dialin.de in 60 days, but tons of t-dialin.net hosts.
--
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com
join us! http://hesketh.com/about/careers/account_manager.html join us!
More information about the NANOG
mailing list