lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: j.hall at f5.com (John Hall)
Subject: FW: Question for DNS pros

Ron DuFresne wrote:

>Still following here...
>
>adding oneself to the list John mentioned might be the eaisier tack in
>this situation, and make it so one is not hit by new implimentations, as
>long as BIG-IP sites are not able to configure themselves out of the
>do-not-probe listing as well;
>
><John Hall>
>3-DNS does maintain a "do-not-probe" list to which you can be added, if
>the 3-DNS's probe traffic is too obnoxious for you.
></John Hall>
>  
>
The do-not-probe list is maintained per site (or per group of associated
3-DNS's), not globally (although that's an interesting idea that I'll
forward to the developers).  The whole purpose for this probe traffic
is to improve service to the customers of a web site and probes are only
sent after a customer's local DNS server queries the 3-DNS.  If a customer
stops querying the 3-DNS, then after a while, the 3-DNS will stop probing
back.  We are doing everything we can to avoid generating much probe
traffic.  The per-site probes should never be more than a few packets
per hour in the default configurations and even a really aggressive
configuration should generate no more than 16-20 packets per hour per site.

>Though, I must admit, I'm none to fond of opt-outs rather than opt-ins.
>  
>
I agree in most cases, although I do think that with the Internet you just
have to have somewhat thicker skin.  It's a tradeoff between getting good
response when you visit Yahoo, Google, CNN, your bank, etc. and only getting
the packets you approve of coming in your wire.  I admit that I'm *much*
more concerned with the 10000 attempts per day to deliver spam to my
personal ".net" domain (which only has 4 valid email destinations) than I
am with content delivery network probes that are only sent in response to
my browsing.  :)

>Thanks,
>
>Ron DuFresne
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>"Cutting the space budget really restores my faith in humanity.  It
>eliminates dreams, goals, and ideals and lets us get straight to the
>business of hate, debauchery, and self-annihilation." -- Johnny Hart
>	***testing, only testing, and damn good at it too!***
>
>OK, so you're a Ph.D.  Just don't touch anything.
>  
>
-- 
John Hall              Test Manager - Switch Team             F5 Networks, Inc.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ