Merit Network
 Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives
North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: DNS deluge for x.p.ctrc.cc

  • From: Paul Vixie
  • Date: Sun Feb 26 16:34:37 2006 
christopher.morrow@verizonbusiness.com ("Christopher L. Morrow") writes:

> seems like global tcp/139|tcp/445 filters, or bogon filters... bits put
> into configs 'now' and completely forgotten about 'tomorrow' :(

speaking of which, f-root has about 35 nodes world wide, and about a third
to a half of them aren't reachable by udp/161, and the blockage is not in
our immediate neighbors but rather on transit paths.  this is due to the
cisco snmp vulnerability five years or so ago.  filtering in the core to
protect vulnerable edges has to be done a LOT more carefully than that.
(BCP38 is an example of how to do it well, but apparently impractically?)

i'm not following up on the dns related parts of this, since dns-operations@
seems to be pulling some of the dns related load today and i don't want to
say the same thing in both places.  see this URL for details:

http://lists.oarci.net/pipermail/dns-operations/2006-February/author.html
-- 
Paul Vixie


Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.