Hi frpeter...interesting post and thread. It makes for good conversation...
Where are you getting your information? I'm not familiar with this being a regular practice, but consider it more of an extreme solution to a problem. Kind of like hitting a nail with a thermonuclear warhead.
Quote:
1. Why then is a blanket block on unresolvable IP addresses becoming increasingly popular?
Hard to say. Some government systems may intentionally not resolve. Also, and I don't know the regulations over this, but many agencies may intentionally not reverse their IPs for the purpose of client privacy and such. Hard to say.
Quote:
2. Any opinions as to why ISPs and the like do not at least use a resolvable in.arpa reverse resolution? Especially considering that large blocks can be written out with a simple bash script?
I think it comes down to this...blocking unresolvable IPs is an option. So is instituting a white-list, black-list, ACL, etc. But just because some folks consider it an acceptable solution for THEIR situation (and maybe these folks are championing their position for whatever reason) doesn't make it a panacea for YOUR situation. I would certainly consider it a valid option if you had a limited audience for the services being presented.
For example, my client has an external FTP server specifically for business partners to push and pull (encrypted) data files through. There is a short list of partners who would use this. If we began to see suspicious activity, recon or probe attempts, etc., then instituting a policy like this would probably be a good initial step. Certainly not a complete response, and you have to be mindful of clients being cut off...but it's an option.
Personally, I think I have better ways to spend my time and energy actually solving the problem. My $0.02.
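The policy discussed in this thread (deny peers whose address has no reverse DNS, while keeping a short list of known partners from being cut off) is easy to state and easy to get subtly wrong, so here is an added example of the decision logic. This is not code from the original post or from any poster's FTP setup; it is written for this page. The resolver callbacks, the hostnames, the documentation-range addresses (203.0.113.0/24, 198.51.100.0/24, 192.0.2.0/24) and the allowlist are all constructed for the example. The one detail worth taking from it is the forward-confirmation step: whoever controls the reverse zone for an address can publish any PTR name they like, so "has a PTR record" on its own proves nothing; the name has to resolve back to the connecting address before it means anything.

```python
import ipaddress
import socket
from typing import Callable, Iterable, List, Optional

# Resolver callbacks are injected so the policy can be exercised offline.
# A PTR resolver returns the reverse name for an IP, or None if there is none.
# A forward resolver returns the addresses a hostname resolves to (may be empty).
PtrResolver = Callable[[str], Optional[str]]
FwdResolver = Callable[[str], Iterable[str]]


def system_ptr(ip: str) -> Optional[str]:
    """PTR lookup through the OS resolver (what you would use in production)."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def system_forward(name: str) -> List[str]:
    """A/AAAA lookup through the OS resolver."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except socket.gaierror:
        return []


def classify(ip: str, allowlist: Iterable[str], ptr: PtrResolver, fwd: FwdResolver) -> str:
    """Classify a connecting address.

    Returns one of:
      'allowlisted'      - address is inside a pinned partner network; rDNS is not consulted
      'unresolvable'     - no PTR record at all
      'forward-mismatch' - PTR name exists but does not resolve back to this address
      'resolvable'       - forward-confirmed reverse DNS
    """
    addr = ipaddress.ip_address(ip)
    for net in allowlist:
        if addr in ipaddress.ip_network(net):
            return "allowlisted"
    name = ptr(ip)
    if name is None:
        return "unresolvable"
    forward = {ipaddress.ip_address(a) for a in fwd(name)}
    if addr not in forward:
        return "forward-mismatch"
    return "resolvable"


def permit(ip: str, allowlist: Iterable[str], ptr: PtrResolver, fwd: FwdResolver,
           require_forward_confirm: bool = True) -> bool:
    """Apply the policy: allowlisted or (confirmed) resolvable peers get in."""
    verdict = classify(ip, allowlist, ptr, fwd)
    if verdict in ("allowlisted", "resolvable"):
        return True
    if verdict == "forward-mismatch":
        # A bare PTR check would let this through; forward confirmation does not.
        return not require_forward_confirm
    return False


# Constructed fake DNS data for offline demonstration (not real records).
FAKE_PTR = {
    "203.0.113.10": "ftp-gw.partner.example",   # honest: PTR and A agree
    "198.51.100.7": "ftp-gw.partner.example",   # spoofed PTR pointing at a partner name
    "192.0.2.200": None,                        # no reverse record at all
}
FAKE_FWD = {
    "ftp-gw.partner.example": ["203.0.113.10"],
}


def fake_ptr(ip: str) -> Optional[str]:
    return FAKE_PTR.get(ip)


def fake_fwd(name: str) -> List[str]:
    return FAKE_FWD.get(name, [])


# A partner whose ISP never set up reverse DNS is pinned here so the policy
# does not cut them off (the caveat raised in the post).
PINNED_PARTNERS = ["192.0.2.0/24"]

if __name__ == "__main__":
    for ip in FAKE_PTR:
        print(ip, classify(ip, [], fake_ptr, fake_fwd),
              "pinned-ok" if permit(ip, PINNED_PARTNERS, fake_ptr, fake_fwd) else "denied")
```

In the constructed data, 198.51.100.7 carries a PTR that names the partner's gateway, which a naive "does it resolve?" check accepts; `permit` with the default `require_forward_confirm=True` rejects it because the name resolves only to 203.0.113.10. Swap `fake_ptr`/`fake_fwd` for `system_ptr`/`system_forward` to run against live DNS, and keep the pinned-network list for partners whose providers never publish reverse records.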