On 2009-11-24, at 6:15 PM, valdis.kletni...@vt.edu wrote:

> On Tue, 24 Nov 2009 16:38:33 EST, Brad Laue said:
>
>> True, but wouldn't a blacklist of SPF records for known spam issuing
>> domains be a more maintainable list than an IP block whitelist?
>>
>> (I'm no doubt missing something very obvious with this question)
>
> 140M+ .com where a malicious DNS server in East Podunk can be authoritative for
> a domain actually in Bratslavia and domains are cheap and throw-away.
>
> 16M /24's, where you (mostly(*)) need to be able to actually route the packets,
> so if you have a /24 in Bratslavia, you need something resembling a router
> in Bratslavia as well, and somebody willing to light up the other end of
> the cable, and you need a way to make BGP announcements (legal or otherwise ;)
> to be able to exploit it.
>
> Choose wisely which you'd rather use for defense.
>
> (*) Mostly - though the BGP hack demonstrated at last year's DefCon
> did qualify as an Epic Win for kewl presentations. ;)

Ah, very true. Still really hoping to get in touch with someone from AT&T. :-) Thanks for the info.