North American Network Operators Group


Re: Internet attack called broad and long lasting

  • From: Valdis.Kletnieks
  • Date: Thu May 12 10:22:04 2005

On Thu, 12 May 2005 01:30:36 PDT, Alexei Roudnev said:

> It is mostly fantasy. DNS security is a much, much more important and much more
> real issue, vs. these fictions.

Very true, but....

Sites that have their routers tied down right tend to get the DNS right too,
and sites that are lax with the routers tend towards botching the DNS too.

Remember - the single *biggest* chunk is that the people in charge have to make
a conscious decision that "tying stuff down tight is important".  Once that
happens, routers and DNS and customer-tracking all usually fall into place. And
if they haven't decided that a large bucket full of security-kloo is needed,
you *WILL* end up calling them and saying "Did your XYZ get hacked?".  Which
piece of gear is XYZ this week is mostly random chance and the phase of the
moon....

(For a *LONG* time, the single *biggest* easy-to-check predictor of "is this
machine a spam source?" wasn't the various RBLs, but whether they had a PTR
for the IP.  The same sort of sites that can't/don't get their PTRs in order
(even to the point of a generic 'a.b.c.d.in-addr.arpa PTR d.c.b.a.ISP.net')
are the same sort that can't check a new customer against ROKSO or find and
neutralize a spam-zombie PC.)
