[96725] in North American Network Operators' Group


Re: Interesting new dns failures

daemon@ATHENA.MIT.EDU (David Ulevitch)
Tue May 22 18:02:48 2007

Date: Tue, 22 May 2007 15:02:22 -0700
From: David Ulevitch <davidu@everydns.net>
To: Fergie <fergdawg@netzero.net>
Cc: nanog@merit.edu
In-Reply-To: <20070522.144100.5535.3183392@webmail13.lax.untd.com>
Errors-To: owner-nanog@merit.edu


Fergie wrote:

> David,
> 
> As you (and some others) may be aware, that's an approach that we
> (Trend Micro) took a while back, but we got a lot (that's an
> understatement) of push-back from service providers, specifically,
> because they're not very inclined to change out their infrastructure
> (in this case, their recursive DNS) for something that could identify
> these types of behaviors.

Was that the real reason?

Here's a crazy question... Did it by chance cost money? :-)

I'm not saying it should have been free, just that the hesitation to roll 
it out *might* have been for factors besides the fact that it mitigated 
DNS-based botnets.

How do operators decide the expense is worth it to mitigate spew coming 
out of their network?  When their outbound DoS traffic exceeds their 
inbound transit ratios? :-)

-David


> 
> And actually, in the case you mentioned above -- to identify
> this exact specific behavior.


