[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Open Resolver Problems

Subject: Open Resolver Problems
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
Date: Sun, 31 Mar 2013 23:16:20 -0400
In-reply-to: Your message of "Sun, 31 Mar 2013 16:09:35 -0500." <CAAAwwbVHfGYN824_R_zeiYbRU9aFytG=zbmiQjnz1h19agbGLg@mail.gmail.com>
References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <CAAAwwbVHfGYN824_R_zeiYbRU9aFytG=zbmiQjnz1h19agbGLg@mail.gmail.com>

On Sun, 31 Mar 2013 16:09:35 -0500, Jimmy Hess said:
> On 3/29/13, Scott Noel-Hemming <frogstarr78 at gmail.com> wrote:
> >> Some of us have both publicly-facing authoritative DNS, and inward
> >> facing recursive servers that may be open resolvers but can't be
> >> found via NS entries (so the IP addresses of those aren't exactly
> >> publicly available info).
> > Sounds like your making the faulty assumption that an attacker would use
> > normal means to find your servers.
>
> A distributed scan of the entire IPv4 <SNIP>

Stop right there.

Anybody who is looking at this as an IPv4 issue is woefully misinformed
about the nature of the problem.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 865 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20130331/1af61442/attachment.bin>

Follow-Ups:
- Open Resolver Problems
  - From: jared at puck.nether.net (Jared Mauch)

Prev by Date: BCP38 tester?
Next by Date: BCP38 tester?
Previous by thread: Open Resolver Problems
Next by thread: Open Resolver Problems
Index(es):
- Date
- Thread