Paul,

On Wed, Mar 13, 2019 at 1:03 AM Paul Vixie <p...@redbarn.org> wrote:

> On Tuesday, 12 March 2019 15:36:36 UTC Stephane Bortzmeyer wrote:
> > On Mon, Mar 11, 2019 at 08:55:18AM +0530,
> > nalini elkins <nalini.elk...@e-dco.com> wrote
> > a message of 202 lines which said:
> >
> > > The questions that the Fortune 50 company architect asked were something
> > > like this:
> > >
> > > 1. You mean that DNS could be resolved outside my enterprise?
> >
> > I suggest to explain to this person that it was possible before, as
> > any malware author discovered.
>
> no, it was not possible before. or rather, it could be cheaply prevented
> before.
>
> > If people responsible for networks of Fortune 50 company don't know
> > that it is difficult to stop unwanted communication (except when you
> > control all the endpoints, or when you airgap your network), then it
> > is indeed a problem :-)
>
> in my own travels, i've met some fortune-level CISO's who had not yet been
> told that RDNS monitor/control bypass was now an internet standard, and that
> behavioural modeling based on TCP/443 endpoints was no longer practical. so, i
> urge greater efforts on getting the word out.
>
> vixie

Thank you.

--
Thanks,
Nalini Elkins
President
Enterprise Data Center Operators
www.e-dco.com
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop