Open Resolver Problems


    Why would you only go after them?

    Easier target to mitigate the problem?

    That might be just me, but I find those peers allowing their customers to spoof source IP addresses more at fault.

    PS: Some form of adaptive rate limitation works for it btw =D

On 03/25/13 12:14, Nick Hilliard wrote:
> On 25/03/2013 15:54, Mattias Ahnberg wrote:
>> A list of 27 million open resolvers would be a pretty convenient input for
>> miscreants who want to abuse them, I believe? I assume Jared & co doesn't
>> want their collected work to be abused like that.
>
> http://nmap.org/nsedoc/scripts/dns-recursion.html
> http://monkey.org/~provos/dnsscan/
>
> There are 224*2^24 possible unicast hosts, and a whole pile less which are
> routed on the DFZ.
>
> I don't think that we can pretend that it's going to help if we hide this
> information under a stone and hope that people who are inclined to launch
> DNS DDoS attacks are dumb enough not to be able to figure out how to use
> these tools.
>
> Highlighting the situation and getting operators to do something will help
> fix the problem.
