[Dshield] Need some help testing

Mar Matthias Darin BDarin at tanaya.net
Sun Jul 8 18:25:31 GMT 2007


Hello, 

Tomas L. Byrnes writes: 

> If you use drafts for public connectivity, you are asking for trouble.
> What you propose is akin to trying to run OSPF and/or BGP with all
> connected peers, and not accepting traffic from those that don't provide
> you routing information via those methods. 
> 
> PTR records are created for many reasons, and in many cases have been
> around a lot longer than the drafts you reference or their predecessors,
> and are usually used by the OSS/NMS systems for node identification, so
> changing them is a non-trivial exercise. 
> 
> IMNSHO, your approach has a very high probability of false positives.

Remember, this is already in practice.  The IETF draft is simply attempting 
to formalize the process.  With or without the draft, the practical 
application of dynamic IP address filtering is not going to stop. 

Surprisingly, the number of false positives is quite low.  In the 8 years of 
my research, I have encountered 5 false positives, though it must be stated 
that each machine will have different stats.  DynaStop takes this into 
account and provides an easy method for exclusions. 

Again true, however, the laws of probability still hold true that a vast 
number (last estimate was 2/3) of the Internet does not change in a rapid 
fashion.  All too often, standards are based on common practices which 
are usually not the best.  The Internet is filled with many cases of this; 
SMTP is just one example.
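The thread argues about PTR-based filtering of dynamic address space and the false positives it produces. The block below is an added illustration of that technique, not DynaStop's code and not anything from the draft; its keyword list, its address-embedding heuristic and the sample PTR names are constructed here as assumptions. It shows the two things the discussion turns on: how a generic-naming heuristic classifies a reverse name, and how an exclusion list overrides a false positive so a legitimately static host is still accepted.

```python
import re

# Constructed keyword heuristic (an assumption for this example): labels that
# ISPs commonly use for dynamic or dial-up pools. Anchored to a label boundary
# so "apple" does not match "ppp" and "cardial" does not match "dial".
DYNAMIC_TOKENS = re.compile(
    r"(?:^|[.-])(?:dyn|dynamic|dialup|dial|ppp|pool|dhcp|cable|dsl|adsl)(?:[.-]|\d|$)"
)


def ptr_embeds_address(host: str, ip: str) -> bool:
    """True when every octet of `ip` appears as its own numeric label in `host`
    (e.g. 192-0-2-55.example.net or ip-55-2-0-192.example.net).  Order-insensitive,
    so it also catches reversed-octet naming.  Alpha prefixes like 'ip55' are
    stripped before comparison."""
    octets = ip.split(".")
    labels = re.split(r"[.\-_]", host)
    numeric = [re.sub(r"[a-z]+", "", label) for label in labels]
    numeric = [n for n in numeric if n]
    return all(octet in numeric for octet in octets)


def looks_dynamic(ip: str, ptr):
    """Classify a reverse name.  Returns (is_dynamic, reason)."""
    if ptr is None:
        return True, "no PTR record"
    host = ptr.rstrip(".").lower()
    if ptr_embeds_address(host, ip):
        return True, "PTR embeds the IP address"
    if DYNAMIC_TOKENS.search(host):
        return True, "PTR contains a dynamic-pool keyword"
    return False, "static-looking PTR"


def host_matches(host, pattern: str) -> bool:
    """Exclusion match: '.example.net' covers the domain and all subdomains,
    anything else must match the host exactly."""
    if host is None:
        return False
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern


def classify(ip: str, ptr, exclusions):
    """Decision for one connecting address: ('allow'|'reject', reason).
    Exclusions are checked first, which is how a known false positive is kept
    from being filtered by the heuristic."""
    host = ptr.rstrip(".").lower() if ptr else None
    for pattern in exclusions:
        if host_matches(host, pattern.lower()):
            return "allow", f"excluded by {pattern}"
    dynamic, reason = looks_dynamic(ip, ptr)
    return ("reject" if dynamic else "allow"), reason


# Constructed sample input: documentation-range addresses with made-up PTRs.
SAMPLES = [
    ("192.0.2.55", "192-0-2-55.dyn.example.net."),
    ("198.51.100.7", "mail.example.com."),
    ("198.51.100.8", None),
    ("203.0.113.9", "pool-9.isp.example."),
    ("203.0.113.20", "ip-203-0-113-20.hosting.example."),  # static VPS, looks dynamic
]


def run_samples(exclusions=(".hosting.example",)):
    """Run the classifier over SAMPLES; the default exclusion list rescues the
    hosting provider whose naming scheme trips the address-embedding check."""
    return {ip: classify(ip, ptr, exclusions) for ip, ptr in SAMPLES}


if __name__ == "__main__":
    for ip, (verdict, reason) in run_samples().items():
        print(f"{ip:16} {verdict:7} {reason}")
```

Note that the embedded-address check fires on the hosting provider's static naming scheme exactly as the quoted objection predicts; the exclusion entry is what turns that into an allow without weakening the rule for the dial-up pool.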


More information about the list mailing list