Open Resolver Problems
Well,
Why would you only go after them?
Easier target to mitigate the problem?
That might be just me, but I find those peers allowing their
customers to spoof source IP addresses more at fault.
PS: Some form of adaptive rate limitation works for it btw =D
-----
Alain Hebert ahebert at pubnix.net
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443
On 03/25/13 12:14, Nick Hilliard wrote:
> On 25/03/2013 15:54, Mattias Ahnberg wrote:
>> A list of 27 million open resolvers would be a pretty convenient input for
>> miscreants who want to abuse them, I believe? I assume Jared & co doesn't
>> want their collected work to be abused like that.
> http://nmap.org/nsedoc/scripts/dns-recursion.html
> http://monkey.org/~provos/dnsscan/
>
> There are 224*2^24 possible unicast hosts, and a whole pile less which are
> routed on the DFZ.
>
> I don't think that we can pretend that it's going to help if we hide this
> information under a stone and hope that people who are inclined to launch
> DNS DDoS attacks are dumb enough not to be able to figure out how to use
> these tools.
>
> Highlighting the situation and getting operators to do something will help
> fix the problem.
>
> Nick