nanog mailing list archives
Re: Open Resolver Problems
From: Jared Mauch <jared () puck nether net>
Date: Mon, 1 Apr 2013 09:44:41 -0400
On Mar 31, 2013, at 11:16 PM, Valdis.Kletnieks () vt edu wrote:
On Sun, 31 Mar 2013 16:09:35 -0500, Jimmy Hess said:On 3/29/13, Scott Noel-Hemming <frogstarr78 () gmail com> wrote:Some of us have both publicly-facing authoritative DNS, and inward facing recursive servers that may be open resolvers but can't be found via NS entries (so the IP addresses of those aren't exactly publicly available info).Sounds like your making the faulty assumption that an attacker would use normal means to find your servers.A distributed scan of the entire IPv4 <SNIP>Stop right there. Anybody who is looking at this as an IPv4 issue is woefully misinformed about the nature of the problem.
:) IPv4 it's easy to collect an inventory (the math works). IPv6, not nearly as easy. - Jared
Current thread:
- Re: Open Resolver Problems Jared Mauch (Apr 01)
- Re: Open Resolver Problems Tony Finch (Apr 01)
- Re: Open Resolver Problems Valdis . Kletnieks (Apr 01)
- Re: Open Resolver Problems joel jaeggli (Apr 01)
- Re: Open Resolver Problems John Kristoff (Apr 02)
- Re: Open Resolver Problems Valdis . Kletnieks (Apr 01)
- <Possible follow-ups>
- Re: Open Resolver Problems Chris Boyd (Apr 01)
- Re: Open Resolver Problems Paul Ferguson (Apr 01)
- Re: Open Resolver Problems Mikael Abrahamsson (Apr 01)
- FW: Open Resolver Problems Milt Aitken (Apr 01)
- Re: Open Resolver Problems Patrick W. Gilmore (Apr 01)
- Re: Open Resolver Problems Dobbins, Roland (Apr 01)
- Re: Open Resolver Problems Patrick W. Gilmore (Apr 01)
(Thread continues...)
- Re: Open Resolver Problems Tony Finch (Apr 01)