Re: new DNS forwarder vulnerability

[Mark Allman <mallman () icir org>]

[catching up]

> That's a good question, but I know that during the ongoing survey
> within the Open Resolver Project [http://openresolverproject.org/],
> Jared found thousands of CPE devices which responded as resolvers.

Not thousands, *tens of millions*.

Our estimate from mid-2013 was 32M such devices (detailed in an IMC
paper last year; http://www.icir.org/mallman/pubs/SCRA13/).  And, that
roughly agrees with both the openresolverproject.org numbers and another
(not public) study I know of.  And, as if that isn't bad enough
... there is a 2010 IMC paper that puts the number at 15M.  I.e., the
instances of brokenness are getting worse---doubling in 3 years!  UGH.

allman

Attachment: _bin
Description: