At 07:09 PM 5/26/2006, Rick Wesson wrote:
for this community would trend analysis with the best of who is getting better and the worst of who is getting worse and some baseline counts be enough for this group to understand if the problem is getting better.
I am suggesting that NANOG is an appropriate forum to publish general stats on who the problem is getting better/worse for and possibly why things got better/worse.
I'd like to see a general head nod that there is a problem and develop some stats so we can understand if it is getting better or worse.
We all know there is a problem. Botnets/zombies/et. al. are the number one threat to the infrastructure and the attacks may be deliberate or they may be a distraction. The motive is unclear because attacking, for example, root servers, is an effort without some obvious economic incentive, at least that I can see. It doesn't make a lot of sense because the conventional wisdom before they open recursive attacks was that it was in the miscreants best interest to not attack infrastructure so that it could facilitate their reachable "goals". The DA report went through a large thread(s) to post statistics here and I'm not sure why yours will be any better, or, just another set of statistics which further de-sensitizes everyone to the problem. I mean, it looks like, all of a sudden, the DNS community has a big problem with these open recursive attacks, ran off privately, and have now determined that it's a feature, not a bug, and well, heck, operators are now responsible. I am not saying that is the answer, but I am saying I am reading the OARC comments and this is sort of what it fees like. As much as Gadi seems to appropriate others credit, Randy Vaugh and him have been doing this work for some time and deserves some credit so I'd say "have you spoken to them about how to make their report better" yet instead of "create more". -M< -- Martin Hannigan (c) 617-388-2663 Renesys Corporation (w) 617-395-8574 Member of Technical Staff Network Operations hannigan@renesys.com