Open Resolver Problems

[ahebert at pubnix.net (Alain Hebert)]

    Little bit of fun with http://bindguard.activezone.de/

    This little example with an open resolver with only 200 queries a
minute...

    The following list show the # of queries made followed by the query
in question.

    False positive:

69.x.x.x
        2 a1.mzstatic.com IN A +
        2 a1001.phobos.apple.com IN A +
        1153 a.root-servers.net IN A +

        ^- 1153 root queries under 10s... from a small office...

    Old uncontrolled botnet:

5.x.x.141
        1020 isc.org IN ANY +ED
64.x.x.22
        1440 isc.org IN ANY +ED
64.x.x.82
        1075 isc.org IN ANY +ED
64.x.x.50
        1011 isc.org IN ANY +ED
64.x.x.242
        1103 isc.org IN ANY +ED

    This result come from my cheap scripts(tm) and bindguard.

    If anyone wish to try it I can provide you with some support files
and examples.

    Just contact me offlist.  PS: It will be later today...

    Enjoy today's drama.

-----
Alain Hebert                                ahebert at pubnix.net   
PubNIX Inc.        
50 boul. St-Charles
P.O. Box 26770     Beaconsfield, Quebec     H9W 6G7
Tel: 514-990-5911  http://www.pubnix.net    Fax: 514-990-9443