Great Suggestion for the DNS problem...?

Brian Dickson briand at
Tue Jul 29 03:00:57 UTC 2008

> What would the ip-blocking BGP feed accomplish? Spoofed source 
> addresses are a staple of the DNS cache poisoning attack.
> Worst case scenario, you've opened yourself up to a new avenue of 
> attack where your nameservers are receiving spoofed packets intended 
> to trigger a blackhole filter, blocking communication between your 
> network and the legitimate owner of the forged ip address.

Yes, but what about blocking the addresses of recursive resolvers that 
are not yet patched?

That would certainly stop them from being poisoned, and incent their 
owners to patch...

1/2 :-)


> Michael Smith wrote:
>     Still off topic, but perhaps a BGP feed from Cymru or similar to
>     block IP addresses on the list?
>     Regards,
>     Mike
