nanog mailing list archives

Re: Open Resolver Problems


From: Jared Mauch <jared () puck nether net>
Date: Mon, 25 Mar 2013 09:53:05 -0500

I think if we get to that small number from tens of millions then we are in much better shape. 

Closing them and setting up rate limiting on your authorities will go a long way. 

Jared Mauch

On Mar 25, 2013, at 9:45 AM, Harry Hoffman <hhoffman () ip-solutions net> wrote:

What are those who provide open resolvers, such as google, doing to
combat the problem?

It would be nice to be able to provide open resolvers as a service and
combat the various threats associated with them.


Cheers,
Harry

On 03/25/2013 10:22 AM, Jared Mauch wrote:
All,

Open resolvers pose a security threat.  I wanted to let everyone know about a search tool that can help you find the 
ones within your organization. Treat it like a big "BETA" stamp is across it, but please try it out and see if you 
can close down any hosts within your network.

This threat is larger than the SMURF amplification attacks in the past and can result in some quite large attacks.  
I've seen this spilling out into other mailing lists (e.g.: juniper-nap and others).

Please send feedback about links that should be included or documentation and spelling errors to me.

openresolverproject.org

Some basic stats:

27 million resolvers existed as of this dataset collection

only 2.1 million of them were "closed".

We have a lot to do to close the hosts, please do what you can to help.

Thanks,

- Jared




Current thread: