[89551] in North American Network Operators' Group
Re: DNS Amplification Attacks
daemon@ATHENA.MIT.EDU (Joseph S D Yao)
Sat Mar 25 10:17:25 2006
Date: Fri, 24 Mar 2006 15:45:53 -0500
From: Joseph S D Yao <jsdy@center.osis.gov>
To: Michael.Dillon@btradianz.com
Cc: nanog@merit.edu
Mail-Followup-To: Michael.Dillon@btradianz.com, nanog@merit.edu
In-Reply-To: <OFC8CBEE7B.4C5F283C-ON8025713A.0034801C-8025713A.0034B206@btradianz.com>
Errors-To: owner-nanog@merit.edu
On Thu, Mar 23, 2006 at 09:35:34AM +0000, Michael.Dillon@btradianz.com wrote:
> > > DNS looking glasses, in much the same way that we use web-form based
> > > BGP or traceroute looking glasses today.
> >
> > Open resolvers are far better then looking glasses to assess the state
> > of DNS, and we are campaigning against them. You can't have it both
> > ways. 8-(
>
> What is the definition of "DNS Looking Glass"?
> If it is a PERL CGI script then I would agree with you.
> If it is a DNS proxy that applies rate limiting
> and damping then I disagree with you.
I believe he's talking about things like the Looking Glass Web sites.
The one I wrote was a simple hardened shell script that called local
resources to do its thing.
--
Joe Yao
-----------------------------------------------------------------------
This message is not an official statement of OSIS Center policies.
