[110935] in North American Network Operators' Group
Are we really this helpless? (Re: isprime DOS in progress)
daemon@ATHENA.MIT.EDU (Seth Mattinen)
Fri Jan 23 21:05:48 2009
Date: Fri, 23 Jan 2009 18:05:43 -0800
From: Seth Mattinen <sethm@rollernet.us>
To: nanog@nanog.org
In-Reply-To: <1232761823.25013.5.camel@roswell.ausics.net>
Errors-To: nanog-bounces@nanog.org
Noel Butler wrote:
> On Sat, 2009-01-24 at 07:21, Chris McDonald wrote:
>
>> We [AS3491] null0'd the IP earlier. Rest-of-world encouraged to do the same :/
>>
>
>
>
> Wrong approach, they are *innocent* in this as are the new targets.
>
> insert into your favourite acl:
> deny udp host 66.230.160.1 neq 53 any eq 53
> deny udp host 66.230.128.15 neq 53 any eq 53
>
> But it's much less work to add a filter on the name server as others
> have mentioned.
>
>
Having the world trying to keep up with ACL entries seems futile. Is
there really nothing to be done about this? (Yes, I know, BCP38, but
obviously the accomplice providers don't care.)
~Seth
