nanog mailing list archives
Re: how to protect name servers against cache corruption
From: Jon Lewis <jlewis () inorganic5 fdt net>
Date: Thu, 31 Jul 1997 23:47:24 -0400 (EDT)
On Wed, 30 Jul 1997, Thomas H. Ptacek wrote:
I suppose the operations context to this is, "hey, you realize DNS is COMPLETELY BROKEN? What are your plans for dealing with the possibility of someone posting exploits?" Do we simply stop using DNS?
The same could be said of IP. If you forge packets and ICMP or UDP attack someone, as long as your packets cross a busy enough NAP (say one of the MAE's) you can do it with impunity and effectively knock entire ISP's off the internet. "And how do I configure my router for that?" Use access-lists to prevent your networks from accepting spoofed packets from your customers, or insist that they use such filters on their routers. ------------------------------------------------------------------ Jon Lewis <jlewis () fdt net> | Unsolicited commercial e-mail will Network Administrator | be proof-read for $199/message. Florida Digital Turnpike | ________Finger jlewis () inorganic5 fdt net for PGP public key_______
Current thread:
- Re: how to protect name servers against cache corruption Francois Beauregard (Aug 02)
- <Possible follow-ups>
- Re: how to protect name servers against cache corruption William Allen Simpson (Aug 02)
- Re: how to protect name servers against cache corruption Sean M. Doran (Aug 05)
- Re: how to protect name servers against cache corruption Dave Crocker (Aug 02)
- Re: how to protect name servers against cache corruption Tim Salo (Aug 02)
- Re: how to protect name servers against cache corruption craig (Aug 02)
- Re: how to protect name servers against cache corruption Jon Lewis (Aug 02)
- Re: how to protect name servers against cache corruption Thomas H. Ptacek (Aug 02)
- Re: how to protect name servers against cache corruption Michael Dillon (Aug 02)
- Re: how to protect name servers against cache corruption Jon Lewis (Aug 02)
- Re: how to protect name servers against cache corruption Perry E. Metzger (Aug 02)
- Re: how to protect name servers against cache corruption Thomas H. Ptacek (Aug 02)
- Re: how to protect name servers against cache corruption Robert T. Nelson (Aug 02)
- Re: how to protect name servers against cache corruption Michael Dillon (Aug 02)
- Re: how to protect name servers against cache corruption tqbf (Aug 02)
- Re: how to protect name servers against cache corruption Michael Dillon (Aug 02)
- Re: how to protect name servers against cache corruption Randy Bush (Aug 02)
- Re: how to protect name servers against cache corruption Paul A Vixie (Aug 02)
- Re: how to protect name servers against cache corruption Michael Dillon (Aug 02)