Schneier: ISPs should bear security burden
Steven Champeon
schampeo at hesketh.com
Mon May 2 17:28:33 UTC 2005
on Mon, May 02, 2005 at 01:16:40PM -0400, Joe Maimon wrote:
> Steven Champeon wrote:
> >on Sun, May 01, 2005 at 10:40:21PM -0400, Joe Maimon wrote:
> >
> >>What does the rest of the internet gain when all IPs have boilerplate
> >>reverse DNS setup for them, especially with all these wildly differing
> >>and wacky naming "conventions"?
> >
> >
> >I don't care what the rest of the Internet gains, but I can say that
> >knowing something about these "wildly differing and wacky naming
> >conventions" has cut my spam load down by 98% or more. By knowing who
> >names their networks what, even wild-assed guesses at times have kept
> >the DDoS that is spam botnets from destroying the utility of email here.
>
> That's not quite what I was asking. Would you not have preferred being
> able to do all the above simply by being able to assume that all these
> "dialup" systems would not have any RDNS?
No.
> The question restated is what is the benefit in advocating "dialup
> names" as opposed to simply recommending that dialup ranges get NO rDNS?
More information is always better.
> For spam/abuse prevention it surely is less useful. It's much easier to
> block IP with no rDNS than to maintain a list of patterns of rDNS that
> should be blocked.
Surely. And yet, knowing that Comcast addresses are responsible for
a third of the abuse against my mail server is easier when all of the
hosts' rDNS ends in "comcast.net", so I don't need to do whois lookups
on each IP.
> I understand that RFCs recommend/require it. I want to know about
> specific benefits to the internet at large (not to the user who now has
> rDNS)
>
> Given a choice between ISP using unpredictable naming patterns or no
> name for dialup ranges, what would your preference be?
Predictable naming conventions, preferably right-anchored, such as
'.dialup.dynamic.example.net'
If you're saying that's not possible, then I'd prefer unpredictable
names over no rDNS at all (though preferably at least consistently
implemented within a given rDNS domain)...
--
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com
join us! http://hesketh.com/about/careers/account_manager.html join us!
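The right-anchored matching and per-domain tallying that the reply above describes, as an added example that is not part of the original post or of any NANOG participant's code. It assumes a constructed smtpd-style "connect from name[ip]" log (made up here, using RFC 5737 test addresses), a hypothetical suffix list for one ISP's predictable dynamic naming convention, and a generic regex guess for the less predictable conventions; "unknown" is treated as "no rDNS".

```python
import re
from collections import Counter

# Constructed sample log (not real traffic): smtpd-style connect lines carrying
# the PTR name the MTA resolved, or "unknown" where the range has no rDNS.
SAMPLE_LOG = """\
May  2 12:00:01 mx smtpd[101]: connect from 10.2.0.192.dialup.dynamic.example.net[192.0.2.10]
May  2 12:00:02 mx smtpd[102]: connect from 11.2.0.192.dialup.dynamic.example.net[192.0.2.11]
May  2 12:00:03 mx smtpd[103]: connect from cpe-198-51-100-5.pool.example-cable.net[198.51.100.5]
May  2 12:00:04 mx smtpd[104]: connect from host6.static.example-cable.net[198.51.100.6]
May  2 12:00:05 mx smtpd[105]: connect from unknown[203.0.113.7]
May  2 12:00:06 mx smtpd[106]: connect from mail.example.org[203.0.113.8]
May  2 12:00:07 mx smtpd[107]: connect from 10.2.0.192.dialup.dynamic.example.net[192.0.2.10]
"""

CONNECT_RE = re.compile(r"connect from (\S+)\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Right-anchored suffixes (hypothetical): the leading dot forces a label
# boundary, so "x.dialup.dynamic.example.net" matches but
# "notdialup.dynamic.example.net" does not.
DYNAMIC_SUFFIXES = (".dialup.dynamic.example.net",)

# Fallback guess for ISPs with no predictable convention: an address embedded
# in the leftmost label (cpe-198-51-100-5, 10-2-0-192, ...) or a telltale
# label such as pool/dyn/dhcp/dynamic somewhere in the name.
GENERIC_DYNAMIC = re.compile(
    r"^(?:[a-z]+-)?(?:\d{1,3}[-.]){3}\d{1,3}\b"
    r"|(?:^|\.)(?:pool|dyn|dhcp|dynamic)(?:\.|-)",
    re.IGNORECASE,
)


def parse_connects(log_text):
    """Yield (ptr_or_None, ip) for each connect line; 'unknown' means no rDNS."""
    for m in CONNECT_RE.finditer(log_text):
        name, ip = m.group(1), m.group(2)
        yield (None if name == "unknown" else name, ip)


def rdns_domain(ptr):
    """Last two labels of the PTR name: coarse, but enough to group by ISP."""
    labels = ptr.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def classify(ptr, suffixes=DYNAMIC_SUFFIXES):
    """no-rdns | dynamic (known convention) | dynamic-guess (regex) | static."""
    if ptr is None:
        return "no-rdns"
    name = ptr.rstrip(".").lower()
    if any(name.endswith(s) for s in suffixes):
        return "dynamic"
    if GENERIC_DYNAMIC.search(name):
        return "dynamic-guess"
    return "static"


def policy(ptr):
    """Accept only hosts that look static; everything else is refused."""
    return "accept" if classify(ptr) == "static" else "reject"


def summarize(log_text):
    """Count rejections per rDNS domain, which answers 'which ISP is hitting
    me' from the names alone, with no whois lookup per IP."""
    by_domain = Counter()
    for ptr, _ip in parse_connects(log_text):
        if policy(ptr) == "reject":
            by_domain[rdns_domain(ptr) if ptr else "(no rDNS)"] += 1
    return by_domain


if __name__ == "__main__":
    for domain, n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {domain}")
```

The two tiers matter: a right-anchored suffix on a documented convention is a deterministic match, while the regex is the "wild-assed guess" the post admits to, so keep them distinguishable in the verdict so you can measure how much of your blocking rests on guesswork.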