North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: DNS: Definitely Not Safe?

  • From: bmanning
  • Date: Wed Feb 14 14:45:16 2007

On Wed, Feb 14, 2007 at 04:22:44PM -0200, MARLON BORBA wrote:
> mea culpa, mea maxima culpa :-(
> my intention, when suggested that reading, was to get your attention about that recent attack which targeted DNS top-level servers and to listen your opinions.
> i promise not to post porn, ops, FUD material to nanog again.
> Abraços,
> Marlon Borba, CISSP, DataCenter Associate
> Técnico Judiciário - Segurança da Informação
> TRF 3ª Região
> (11) 3012-1683
> --
> 1997-2007 - Dez Anos da DSUP.
> Conhecimento Gerando Soluções.
> --

	what is interesting to me is the "ripple" effect - kind of like the childrens game of "telephone".
	second, third, and fourth hand interpretation of the events allows the reporter to project their own
	worst nightmares onto the event ...  for some, its a way to raise the spector of fear, giving them
	credence or the opportunity to market their particular services to the huddled, fearful masses.

	and to borrow a line from another bit of this thread, http and dns are both applications.  applications
	are vulnerable to attacks that exploit the underlaying protocols.  the BEST we can do, w/o replacing
	IP & TCP/UDP is instrument the applications to alert us that there is a problem.  And the actions
	you (as the target of packet love) take may make your local life manageable, (compartmentalization)
	can have devestating impact on your peers/neighbors.

	so don't worry, your posts seem fine to me