-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -- Sean Donelan <[EMAIL PROTECTED]> wrote:
>On Wed, 9 Jul 2008, Steven M. Bellovin wrote: >> How many ISPs run DNS servers for customers? Start by signing those >> zones -- that has to be done in any event. Set up caching resolvers to >> verify signatures. "It is not your part to finish the task, yet you >> are not free to desist from it." (From the Talmud, circa 130.) >> >> No, I didn't say it would be easy, but if we don't start we're not >> going to get anywhere. > >Are these the same ISPs that haven't started implementing other >anti-spoofing controls like BCP38++? > >What is the estimated completion date to stop all spoofed IP packets, >included but only DNS spoofing? The second Tuesday of next week? ;-) - - ferg (BCP38 Protagonist) -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFIdP19q1pz9mNUZTMRAjhrAKC1a0S5jPNyp3BMg932hghE8xG/xwCgzNgl wdnoEpm0aNTbg+2KHU0w94I= =Uyns -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/