North American Network Operators Group


Re: Schneier: ISPs should bear security burden

  • From: Steve Sobol
  • Date: Thu Apr 28 10:30:27 2005

Mark Newton <[email protected]> wrote:

> On Thu, Apr 28, 2005 at 02:16:36AM -0400, Steven J. Sobol wrote:
> 
>  > Any IP that a provider allows servers on should have 
>  > distinctive, non-dynamic-looking DNS (and preferably be in a separate 
>  > netblock from the dynamically-assigned IPs).
> 
> What the hell is a "non-dynamic-looking DNS"?  Sure, if I see something
> like "static-192-168-1-1.isp.net" I can be reasonably sure that it's
> non-dynamic-looking, but what does the same thing look like in 
> Portuguese?  German?  Spanish?  French?  (Korean?  Chinese?)

France Telecom has a reasonably easy-to-understand naming scheme that ends in
<POP-Location>.wanadoo.fr.

Deutsche Telekom has an equally easy-to-understand scheme that ends in  
dip.t-dialin.de (for their German dialups, anyhow).


> Just wait'll we start getting unicode DNS names in non-English alphabets.
> Perhaps then you can tell what to look for in a string of Kanji symbols
> which might be suggestive of the concept of "static".

There are some basic rules of thumb you can use. The problem is that they're
not guaranteed to work. The best solution was created years ago (Gordon
Fecyk's DUL, which lists IP ranges the ISPs specifically register as
dynamic/not supposed to host servers) and eventually came under the purview of
Kelkea/MAPS, but there wasn't a ton of ISP buy-in. If we could create a
similar list and actually get ISPs to register the appropriate netblocks (and
not mix in IPs where servers are allowed, and IPs where they aren't, in the
same block), that'd be great.

--
JustThe.net - Apple Valley, CA - http://JustThe.net/ - 888.480.4NET (4638)
Steven J. Sobol, Geek In Charge / [email protected] / PGP: 0xE3AE35ED

"The wisdom of a fool won't set you free"
    --New Order, "Bizarre Love Triangle"
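
The contrast discussed in this message, as an added example that is not part of the original post: a name-based rule of thumb for reverse DNS set beside a lookup in a DUL-style list of registered dynamic netblocks. The token lists, netblocks (documentation ranges), host labels and function names are all assumptions constructed for illustration; only the `dip.t-dialin.de` and `wanadoo.fr` suffixes come from the message.

```python
import ipaddress
import re

# Hypothetical DUL-style registry: ranges an ISP has declared dynamic (constructed).
REGISTERED_DYNAMIC = [ipaddress.ip_network(n) for n in ("192.0.2.0/25", "198.51.100.0/24")]

# Assumed rule-of-thumb tokens; not taken from any real blocklist.
DYNAMIC_TOKENS = re.compile(r"(^|[.\-])(dynamic|dyn|dip|dialin|dialup|dhcp|pool|ppp)([.\-\d]|$)")
STATIC_TOKENS = re.compile(r"(^|[.\-])(static|mail|mx|smtp)([.\-\d]|$)")
EMBEDDED_IP = re.compile(r"\d{1,3}([.\-]\d{1,3}){3}")  # e.g. 192-0-2-17 inside a name


def heuristic_verdict(ptr_name):
    """Guess from the PTR name alone: 'static', 'dynamic' or 'unknown'."""
    name = ptr_name.lower().rstrip(".")
    if STATIC_TOKENS.search(name):
        return "static"
    if DYNAMIC_TOKENS.search(name) or EMBEDDED_IP.search(name):
        return "dynamic"
    return "unknown"


def registry_verdict(ip):
    """Authoritative answer: is the address inside a registered dynamic range?"""
    addr = ipaddress.ip_address(ip)
    return "dynamic" if any(addr in net for net in REGISTERED_DYNAMIC) else "not-listed"


def classify(ip, ptr_name):
    """Compare both answers; 'agree' is False where the name misleads."""
    reg, guess = registry_verdict(ip), heuristic_verdict(ptr_name)
    return {"ip": ip, "ptr": ptr_name, "registry": reg, "heuristic": guess,
            "agree": (reg == "dynamic") == (guess == "dynamic")}


# Constructed samples: documentation addresses, made-up host labels.
SAMPLES = [
    ("192.0.2.17", "host17.dip.t-dialin.de"),            # name and registry agree
    ("198.51.100.9", "client42.lyon.wanadoo.fr"),        # no English hint in the name
    ("192.0.2.200", "static-192-0-2-200.isp.example"),   # clearly labelled static
    ("192.0.2.130", "estatico-192-0-2-130.isp.example"), # non-English "static"
]

if __name__ == "__main__":
    for ip, ptr in SAMPLES:
        r = classify(ip, ptr)
        print(f"{r['ip']:<14} {r['ptr']:<36} registry={r['registry']:<10} "
              f"heuristic={r['heuristic']:<8} agree={r['agree']}")
```

The two disagreeing rows show both failure directions of the name heuristic: a registered dynamic address it cannot recognise, and a non-English static name it misreads as dynamic.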