[Dshield] Need some help testing
Tomas L. Byrnes
tomb at byrneit.net
Sun Jul 8 04:32:03 GMT 2007
If you use drafts for public connectivity, you are asking for trouble.

What you propose is akin to trying to run OSPF and/or BGP with all
connected peers, and not accepting traffic from those that don't provide
you routing information via those methods.

PTR records are created for many reasons, and in many cases have been
around a lot longer than the drafts you reference or their predecessors,
and are usually used by the OSS/NMS systems for node identification, so
changing them is a non-trivial exercise.

IMNSHO, your approach has a very high probability of false positives.

> -----Original Message-----
> From: list-bounces at lists.dshield.org
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Mar
> Matthias Darin
> Sent: Saturday, July 07, 2007 9:03 PM
> To: General DShield Discussion List
> Subject: Re: [Dshield] Need some help testing
>
> Hello,
>
> Tomas L. Byrnes writes:
>
> > The problem here is that you are referring to an IETF draft, which
> > means it is not even close to widely followed.
> >
> > The APL RR type was a draft for 3 years, but never made it into the
> > spec. That would have been much more useful for filtering.
>
> Very true. However, the IETF draft is the closest to real
> world PCRE and REGEX filtering commonly deployed in today's
> active market.