
Re: [DNSOP] Reflectors are Evil was Re: Anycast was Re: Cache poisoning on DNSSEC



Return-Path: <dnsop-bounces at ietf.org>
X-Original-To: dnsop-archive at optimus.ietf.org
Delivered-To: ietfarch-dnsop-archive at core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id C9BC13A6B2D;
	Fri,  5 Sep 2008 16:36:34 -0700 (PDT)
X-Original-To: dnsop at core3.amsl.com
Delivered-To: dnsop at core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id CFD7D3A6B2C
	for <dnsop at core3.amsl.com>; Fri,  5 Sep 2008 16:36:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.289
X-Spam-Level:
X-Spam-Status: No, score=-6.289 tagged_above=-999 required=5 tests=[AWL=0.310,
	BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id fZJwZbkvPmI4 for <dnsop at core3.amsl.com>;
	Fri,  5 Sep 2008 16:36:32 -0700 (PDT)
Received: from hankinsfamily.info (the.hankinsfamily.info [204.152.186.148])
	by core3.amsl.com (Postfix) with ESMTP id D63453A6A5E
	for <dnsop at ietf.org>; Fri,  5 Sep 2008 16:36:07 -0700 (PDT)
Received: from dhcp-144.sql1.isc.org (c-24-6-53-214.hsd1.ca.comcast.net
	[24.6.53.214]) (authenticated bits=0)
	by hankinsfamily.info (8.13.8/8.13.8) with ESMTP id m85Na8J1010368
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for <dnsop at ietf.org>; Fri, 5 Sep 2008 16:36:08 -0700
Received: by dhcp-144.sql1.isc.org (Postfix, from userid 10200)
	id D65E116E1B3; Fri,  5 Sep 2008 16:36:07 -0700 (PDT)
Date: Fri, 5 Sep 2008 16:36:07 -0700
From: "David W. Hankins" <David_Hankins at isc.org>
To: DNSOP WG <dnsop at ietf.org>
Message-ID: <20080905233607.GL5333 at isc.org>
References: <Pine.LNX.4.44.0809021337190.23961-100000 at citation2.av8.net>
	<F1AF9690-55F3-4D1C-A14E-4A1D82A900A1 at ca.afilias.info>
MIME-Version: 1.0
In-Reply-To: <F1AF9690-55F3-4D1C-A14E-4A1D82A900A1 at ca.afilias.info>
User-Agent: Mutt/1.5.16 (2007-06-09)
Subject: Re: [DNSOP] Reflectors are Evil was Re: Anycast was Re:
	Cache	poisoning on DNSSEC
X-BeenThere: dnsop at ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>,
	<mailto:dnsop-request at ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/dnsop>
List-Post: <mailto:dnsop at ietf.org>
List-Help: <mailto:dnsop-request at ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>,
	<mailto:dnsop-request at ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="==============98031997=="
Sender: dnsop-bounces at ietf.org
Errors-To: dnsop-bounces at ietf.org

[For brevity, this is intended as a message in support of Joe's
 position.  I think my original got eaten in the earlier mail
 server event announced on ietf@, so apologies for any duplicates.]

On Tue, Sep 02, 2008 at 03:46:48PM -0400, Joe Abley wrote:
> My point is that there are a large number of distributed denial of  
> service attacks happening every day, on a scale large enough to  
> involve multiple providers and cross-organisational teams for  
> mitigation.

For informational purposes, I'd like to point out that yesterday on
the NANOG mailing list, it was asserted that DNS Amplification attacks
are being observed by one security worker (Gadi Evron) on a seemingly
daily basis, frustrated by the lack of adoption of BCP 38 (which is
proposed as the root cause). [1]


Let me say that it is entirely right to suggest that in this case, if
you are engaged in a dialogue of logical deduction, then in the face
of the claim that something does not exist, the responsibility of
argument is to prove that thing does exist, on the basis that one
cannot reasonably prove non-existence of any physical object (or
event) with Aristotelian tenacity.

Which is problematic because such a proof (with Aristotelian tenacity)
in this case would require publishing of normally withheld and guarded
data in provably unaltered forms.  This may not even be possible.

This would appear then to be an impasse if the IETF required such
tenacity.

Fortunately, the IETF works on a basis of consensus among
practitioners, not on a basis of Aristotelian deductive proofs of
draft contents and volunteers' opinions.  I'm content to agree with
the other WG participants that DNS Amplification attacks do persist in
the modern day, and that it is useful to write and publish a document
that seeks mitigation.

I hope that the WG's consensus will be so measured by the chairs.


 [1] - http://www.merit.edu/mail.archives/nanog/msg11131.html

-- 
Ash bugud-gul durbatuluk agh burzum-ishi krimpatul.
Why settle for the lesser evil?	 https://secure.isc.org/store/t-shirt/
-- 
David W. Hankins	"If you don't do it right the first time,
Software Engineer		     you'll just have to do it again."
Internet Systems Consortium, Inc.		-- Jack T. Hankins

Attachment: pgpmhjKvyiOK4.pgp
Description: PGP signature

_______________________________________________
DNSOP mailing list
DNSOP at ietf.org
https://www.ietf.org/mailman/listinfo/dnsop