North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Interesting new dns failures
On Mon, 21 May 2007, Gadi Evron wrote: > On Mon, 21 May 2007, Chris L. Morrow wrote: > > On Mon, 21 May 2007, Gadi Evron wrote: > > > Small note: For regular fastflux, yes. for NS fastflux, not so much. > > > > For regular FF 'yes' but for ns FF not much? Hrm, not much legit purpose? > > or not much the root/tld folks can do? > > > > I ask because essentially akamai's edgesuite (and I might have their > > product names confused some) seems to do FF ... or the same thing FF does. > > Doesn't it? > > I don't know of many if any who change the NS record quite so frequently > without being bad guys. ok, so 'today' you can't think of a reason (nor can I really easily) but it's not clear that this may remain the case tomorrow. It's possible that as a way to 'better loadshare' traffic akamai (just to make an example) could start doing this as well. So, I think that what we (security folks) want is probably not to auto-squish domains in the TLD because of NS's moving about at some rate other than 'normal' but to be able to ask for a quick takedown of said domain, yes? I don't think we'll be able to reduce false positive rates low enough to be acceptable with an 'auto-squish' method :( -Chris
|