[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Thank you, Comcast.

Subject: Thank you, Comcast.
From: rdobbins at arbor.net (Roland Dobbins)
Date: Fri, 26 Feb 2016 23:30:31 +0700
In-reply-to: <848464982.14027.1456503347620.JavaMail.mhammett@ThunderFuck>
References: <848464982.14027.1456503347620.JavaMail.mhammett@ThunderFuck>

On 26 Feb 2016, at 23:15, Mike Hammett wrote:

> I think you'd be hard pressed to find more than a tenth of a percent 
> of people attempt to run their own DNS server.

You'll find a heck of a lot more of them doing so unknowingly, because 
they're running misconfigured, abusable CPE devices which can be 
leveraged by attackers to launch DNS reflection/amplification attacks.

Note that outbound/crossbound DDoS attacks can have just as much of a 
negative impact on availability as inbound DDoS attacks; even more, when 
multiple attackers are abusing the same reflectors/amplifiers (which is 
often the case).

And even that small tenth of a percent who're deliberately running their 
own DNS servers can end up inadvertently causing disruption if they're 
running those DNS servers as open recursors.

-----------------------------------
Roland Dobbins <rdobbins at arbor.net>

References:
- Thank you, Comcast.
  - From: nanog at ics-il.net (Mike Hammett)

Prev by Date: Thank you, Comcast.
Next by Date: Thank you, Comcast.
Previous by thread: Thank you, Comcast.
Next by thread: Thank you, Comcast.
Index(es):
- Date
- Thread