Paul,

On Wed, Mar 13, 2019 at 1:03 AM Paul Vixie <p...@redbarn.org> wrote:

> On Tuesday, 12 March 2019 15:36:36 UTC Stephane Bortzmeyer wrote:
> > On Mon, Mar 11, 2019 at 08:55:18AM +0530,
> >  nalini elkins <nalini.elk...@e-dco.com> wrote
> >
> >  a message of 202 lines which said:
> > > The questions that the Fortune 50 company architect asked were
> something
> > > like this:
> > >
> > > 1. You mean that DNS could be resolved outside my enterprise?
> >
> > I suggest to explain to this person that it was possible before, as
> > any malware author discovered.
>
> no, it was not possible before. or rather, it could be cheaply prevented
> before.
>
> > If people responsible for networks of Fortune 50 company don't know
> > that it is difficult to stop unwanted communication (except when you
> > control all the endpoints, or when you airgap your network), then it
> > is indeed a problem :-)
>
> in my own travels, i've met some fortune-level CISO's who had not yet been
> told that RDNS monitor/control bypass was now an internet standard, and
> that
> behavioural modeling based on TCP/443 endpoints was no longer practical.
> so, i
> urge greater efforts on getting the word out.
>
> vixie
>
>
>
Thank you.

-- 
Thanks,
Nalini Elkins
President
Enterprise Data Center Operators
www.e-dco.com
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to