From: Paul Hartman <paul.hartman+gentoo@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] How to prevent a dns amplification attack
Date: Thu, 28 Mar 2013 15:53:49 -0500
Message-ID: <CAEH5T2MbXsm5Gy=QJ1W=kWioV+bKRRxuC7RRyhzESc+=9fgLQQ@mail.gmail.com>
In-Reply-To: <5154A1BE.7010308@gmail.com>
On Thu, Mar 28, 2013 at 3:02 PM, Alan McKinnon <alan.mckinnon@gmail.com> wrote:
>>> Or just use the ISP's DNS caches. In the vast majority of cases, the ISP
>>> knows how to do it right and the user does not.
>>
>> Generally true, though I've known people to choose not to use ISP caches
>> owing to the ISP's implementation of things like '*' records, ISPs
>> applying safety filters against some hostnames, and concerns about the
>> persistence of ISP request logs.
>
> I get a few of those too every now and again. I know for sure in my case
> their fears are unfounded, but can't prove it. Those few (and they are
> few) can go ahead and deploy their own cache. I can't stop them, they
> are free to do it, they are also free to ignore my advice if they choose.

In my case, my ISP's DNS servers are slow (several seconds to reply),
fail randomly when they should resolve, return an IP (which goes to
their ad-laden "helper" website if you are using a web browser) when
they should instead return nxdomain, and they have openly admitted to
selling customer DNS lookup history to marketers for targeted
advertising.
Thanks for being one of the good guys. :)