DNS Amplification Attacks
Florian Weimer
fw at deneb.enyo.de
Wed Mar 22 19:33:55 UTC 2006
* Peter Dambier:
> In germany censoring is commonplace. You have to use foraign resolvers
> to escape it. There is a lot collateral dammage too - governement has
> provided the tools.
This is not true. There has been some questionable advice by a
regulatory body, though. Most damage is done by ISPs which simply do
not adjust the filters to the moving target and run them as-is since
2001 or so. Null routes tend to filter a different customer after
such a long time.
> How about alternative roots? ICANN does censor "XN--55QX5D.", "XN--FIQS8S."
> and "XN--IO0A7I." already. You must use alternative roots to exchange emails
> with people living in those domains.
Unfortunately, they also censor "ENYO.".
More information about the NANOG
mailing list