[ratelimits] Poor CERT warning message

P Vixie paul at redbarn.org
Tue Sep 10 22:13:54 UTC 2013


The announcement is rubbish. I've argued this extensively with the discoverers and now that they've gone public so will I.  Vixie

Geert Jan de Groot <GeertJan.deGroot at xs4all.nl> wrote:
>
>Please have a look at:
>https://www.ncsc.nl/dienstverlening/response-op-dreigingen-en-incidenten/beveiligingsadviezen/NCSC-2013-0597+1.00+Rate+limiting+van+DNS+responses+veroorzaakt+kwetsbaarheid.htm
>
>(which is in Dutch and which breaks google translate; cut/paste 
>the text itself does work however).
>
>Note that this refers to a CERT message from a French CERT (again,
>use translate if required).
>
>I think these CERT warnings are poorly informed, incorrect, 
>and lack a fundamental understanding of how RRL works. 
>
>The mitigation proposed, instead of using RRL, is problematic:
>"Managers of resolver DNS servers (!) could use monitoring to
>detect unusual high amounts of DNS requests to detect an attack".
>Right.
>
>Unfortunately, CERT messages are sometimes seen as gospel
>even when they are incorrect.
>
>I'm not sure about what to do against spread of this misinformation.
>
>Geert Jan
>

-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.