I don't think the operation community wants to think about the implications of someone with both malice and BRAINS trying to utilize the same security problems.
Maybe some of us have thought about it and realized that the best course of action is to:

a. not talk publicly about this lest the cracker community learn too much

b. harden our networks and systems to survive such a scenario. A couple of good tips have been pointed out re filtering bogus source routes and blocking broadcast packets during this thread. Not to mention upgrading to the latest BIND and running servers non-recursively if they are only acting as primary/secondary for customer domains.

c. make sure that we have the logging systems in place to trace and identify the people carrying out such an attack so that the appropriate law enforcement agencies can deal with them.

Some of us also know that there are some very bright and skilled people studying information warfare in order to better prepare the armed forces and civilian security agencies to deal with info warfare attacks. We may as well let them do their job and we'll do ours. We are like the designers and operators of an interstate toll highway, not like the highway patrol.

In fact I think one of your most recent posts quite eloquently pointed out the difficulty, futility almost, of trying to block such attacks with a protocol that was never designed to be secure. If we are going to take heroic measures, would they not be better spent on implementing DNSSEC rather than shoring up the old DNS protocol?

The lesson of the coal mines in England comes to mind...

********************************************************
Michael Dillon                    voice: +1-415-482-2840
Senior Systems Architect            fax: +1-415-482-2844
PRIORI NETWORKS, INC.              http://www.priori.net

"The People You Know. The People You Trust."
********************************************************