The obvious suspect behind the attacks is the Chinese government
// This is just shame. Don't we have the rules to stop them?
From the article:
“There’s no technical solution that Cloudflare can create to solve this
problem unless we re-architect the Internet.”
I just love this kind of thin
On 11/24/2014 07:22 PM, Franck Martin wrote:
> I’m not sure it is right to post job opportunities on this list, but I’m
> taking my chances :P
What, social media not working :-?
You in fact want:
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
for postings like this.
Keith
> We
I’m not sure it is right to post job opportunities on this list, but I’m taking
my chances :P
We are looking for someone with strong skills in DNS, Kerberos, NTP,… to work
in Sunnyvale, CA.
See this link for the complete job description:
https://www.linkedin.com/jobs2/view/28523166
Feel free
The correct response to unknown EDNS versions is to return BADVERS.
This was spelt out in RFC 2671 in 1999 and has not been changed in
RFC 6891.
Nameservers should not ignore the versions field.
Nameservers should respond to unknown EDNS versions.
Nameservers should not return FORMERR.
Returning
We are looking to deploy DNS Cookies or SIT soon and the handling
of unknown EDNS options is atrocious.
http://users.isc.org/~marka/ts/gov.optfail.html
Unknown EDNS options are supposed to be ignored. See RFC6891, 6.1.2
Wire Format.
They should not generate FORMERR.
They
>From the article:
“There’s no technical solution that Cloudflare can create to solve this
problem unless we re-architect the Internet.”
I just love this kind of thinking!
Daniel
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https:/
Moin!
> On 24 Nov 2014, at 12:10, Stephane Bortzmeyer wrote:
>
> CloudFlare claims it is a DNS attack. I thought amplifications attacks
> using the DNS were old-fashioned, everybody moving to NTP and SNMP?
>From the description in the article it could be also a random subdomain
>attack, or comb
> On 24 nov 2014, at 11:11, Mehmet Akcin wrote:
>
> any pros/cons you can think of this being enabled by default other than
> obvious additional steps being required for domain transfers, and this adding
> burden for registrars, etc.
Because different registries do implement lock differently
On 24 Nov 2014, at 18:10, Stephane Bortzmeyer wrote:
I thought amplifications attacks using the DNS were old-fashioned,
everybody moving to NTP and SNMP?
Attack vectors never go away - it's just that new ones are added.
We still see SYN-floods every day - and ntp, DNS, SNMP, chargen, and
SS
CloudFlare claims it is a DNS attack. I thought amplifications attacks
using the DNS were old-fashioned, everybody moving to NTP and SNMP?
http://www.forbes.com/sites/parmyolson/2014/11/20/the-largest-cyber-attack-in-history-has-been-hitting-hong-kong-sites/
___
Hello,
this might be little off topic, apologies if it's.
which registrars provide registrar-lock enabled by default to improve
security, if any?
i have been trying to educate mysefl and understand why registrars don't
enable this by default and only document I was able to find was
https://www.i
11 matches
Mail list logo
