Defense against a client?

Mark Andrews marka at isc.org
Tue Jan 17 05:13:13 UTC 2012


In message <358ad0a6-b4db-47aa-87f9-b7ef4b86ab4c at email.android.com>, David Miller writes:
> >Which will more and more be behind CGN especially as DNSSEC take up
> >increases.
>
> If one sets up an infrastructure such that a large number of end users "share 
> the same fate" through having the same source address... then one should not 
> be surprised when these end users actually do share the same fate...
> 
> -DMM

Assuming that there is a single client on a single address has
*never* been a valid assumption.  Security policies that assume
that are *broken*.  Even with IPv6 this will not be a valid assumption
though you may get to a single machine per address.  Machine is
still not client.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org


