DOS attack against DNS?
Paul Vixie
vixie at vix.com
Mon Jan 16 18:12:25 UTC 2006
joelja at darkwing.uoregon.edu (Joel Jaeggli) writes:
> > people inside one of the largest networks have told me that they have
> > customers who require the ability to bypass BCP38 restrictions, and that
> > they will therefore never be fully BCP38 compliant. ...
>
> Consider people in the rest of the world who may purchase simplex
> satellite links. By definition they inject traffic in places they aren't
> announcing their route from.
yup, those are exactly the customers i was told about. (see above.) however,
there's still a way to filter-list the various interfaces -- it's just harder
than letting the routing table imply your filter-list for you. also however,
if these were the only customers who weren't made to follow BCP38, there would
not be a global BCP38-related problem right now. or, as i said before:
> > i've asked for BCP38 to become the default on all their other present
> > and future customers ...
--
Paul Vixie
More information about the NANOG
mailing list