Great Suggestion for the DNS problem...?

Brian Dickson briand at ca.afilias.info
Mon Jul 28 22:00:57 CDT 2008


> What would the ip-blocking BGP feed accomplish? Spoofed source 
> addresses are a staple of the DNS cache poisoning attack.
> Worst case scenario, you've opened yourself up to a new avenue of 
> attack where your nameservers are receiving spoofed packets intended 
> to trigger a blackhole filter, blocking communication between your 
> network and the legitimate owner of the forged ip address.
>

Yes, but what about blocking the addresses of recursive resolvers that 
are not yet patched?

That would certainly stop them from being poisoned, and incent their 
owners to patch...

1/2 :-)

Brian

> Michael Smith wrote:
>
>     Still off topic, but perhaps a BGP feed from Cymru or similar to 
>     block IP addresses on the list?
>
>     Regards,
>
>     Mike

More information about the NANOG mailing list