nanog mailing list archives
Re: example.com/net/org DNS records
From: "Brian Bruns" <bruns () 2mbit com>
Date: Mon, 5 Jan 2004 15:46:28 -0500
I'd say the problem of 1918 leakage is a bigger concern.
Quite a big problem. Because some of the major backbones don't bother to filter that address space in the src of the packets, DDoS tools just love forging UDP packets with reserved space, which makes it nearly impossible to correctly track down where its coming from. A good example of this issue is with at least two of the AHBL nameservers run by the SOSDG (I have no idea what the other nameservers are seeing as they are not managed by us, but they are probably getting similar queries), someone from 192.168.1.20 is making dns queries for ip4r lookups under dnsbl.ahbl.org. Of course, the bogon filters stop it dead in its tracks, but, the fact that its getting through across Sprint, Cogentco, and similar isn't a good sign. Providers should be filtering at their borders both src and dst packets going to any of the reserved spaces. If they did, this wouldn't be an issue. Now, the better question is, what idiot is doing those dnsbl queries on our servers, and why haven't they noticed that the lookups don't work, and resolving in general probably isn't working? Who knows. < Side note: sorry about the weird quoting. OE-Quotefix is somehow barfing on your message specifically and crashing, so I had to turn it off > -- Brian Bruns The Summit Open Source Development Group Open Solutions For A Closed World / Anti-Spam Resources http://www.sosdg.org The AHBL - http://www.ahbl.org ----- Original Message ----- From: <Valdis.Kletnieks () vt edu> To: "Roger Marquis" <marquis () roble com> Cc: <nanog () trapdoor merit edu>; <spamtools () lists abuse net> Sent: Sunday, January 04, 2004 3:05 PM Subject: Re: example.com/net/org DNS records
Current thread:
- example.com/net/org DNS records Roger Marquis (Jan 04)
- Re: example.com/net/org DNS records Suresh Ramasubramanian (Jan 04)
- Re: example.com/net/org DNS records Valdis . Kletnieks (Jan 04)
- Re: example.com/net/org DNS records Roger Marquis (Jan 04)
- Re: example.com/net/org DNS records Suresh Ramasubramanian (Jan 04)
- Re: example.com/net/org DNS records Roger Marquis (Jan 04)
- Re: example.com/net/org DNS records Roger Marquis (Jan 04)
- Re: example.com/net/org DNS records Brian Bruns (Jan 05)
- Re: example.com/net/org DNS records bill (Jan 04)
- Re: example.com/net/org DNS records Randy Bush (Jan 04)
- Re: example.com/net/org DNS records Leo Bicknell (Jan 04)
- RE: example.com/net/org DNS records Jeroen Massar (Jan 04)
- Re: example.com/net/org DNS records Colm MacCarthaigh (Jan 05)
- Re: example.com/net/org DNS records bill (Jan 04)
- Re: example.com/net/org DNS records Randy Bush (Jan 04)
- Re: example.com/net/org DNS records Laurence F. Sheldon, Jr. (Jan 04)
- Re: example.com/net/org DNS records Roger Marquis (Jan 04)
- Re: example.com/net/org DNS records Valdis . Kletnieks (Jan 04)