nanog mailing list archives

Re: Open Resolver Problems

From: Alain Hebert <ahebert () pubnix net>
Date: Mon, 25 Mar 2013 12:35:22 -0400

    Well,

    Why would you only go after them?

    Easier target to mitigate the problem?

    That might be just me, but I find those peers allowing their
customers to spoof source IP addresses more at fault.

    PS: Some form of adaptive rate limitation works for it btw =D

-----
Alain Hebert                                ahebert () pubnix net   
PubNIX Inc.        
50 boul. St-Charles
P.O. Box 26770     Beaconsfield, Quebec     H9W 6G7
Tel: 514-990-5911  http://www.pubnix.net    Fax: 514-990-9443

On 03/25/13 12:14, Nick Hilliard wrote:

On 25/03/2013 15:54, Mattias Ahnberg wrote:

A list of 27 million open resolvers would be a pretty convenient input for
miscreants who want to abuse them, I believe? I assume Jared & co doesn't
want their collected work to be abused like that.

http://nmap.org/nsedoc/scripts/dns-recursion.html
http://monkey.org/~provos/dnsscan/

There are 224*2^24 possible unicast hosts, and a whole pile less which are
routed on the DFZ.

I don't think that we can pretend that it's going to help if we hide this
information under a stone and hope that people who are inclined to launch
DNS DDoS attacks are dumb enough not to be able to figure out how to use
these tools.

Highlighting the situation and getting operators to do something will help
fix the problem.

Nick

Current thread:

Re: Open Resolver Problems, (continued)
- - - Re: Open Resolver Problems Jared Mauch (Mar 26)
    - Re: Open Resolver Problems Valdis . Kletnieks (Mar 26)
    - Re: Open Resolver Problems joel jaeggli (Mar 26)
    - Re: Open Resolver Problems Jay Ashworth (Mar 26)
    - Re: Open Resolver Problems Saku Ytti (Mar 26)
    - Re: Open Resolver Problems Leo Bicknell (Mar 26)
    - Re: Open Resolver Problems Scott Noel-Hemming (Mar 29)
    - Re: Open Resolver Problems Mattias Ahnberg (Mar 25)
    - Re: Open Resolver Problems Jared Mauch (Mar 25)
    - Re: Open Resolver Problems Nick Hilliard (Mar 25)
    - Re: Open Resolver Problems Alain Hebert (Mar 25)
    - Re: Open Resolver Problems Joe Abley (Mar 25)
    - Re: Open Resolver Problems Måns Nilsson (Mar 25)
    - Re: Open Resolver Problems Joe Abley (Mar 25)
    - Re: Open Resolver Problems Mikael Abrahamsson (Mar 25)
    - Re: Open Resolver Problems Nick Hilliard (Mar 25)
    - Re: Open Resolver Problems Alain Hebert (Mar 25)
    - Re: Open Resolver Problems William Herrin (Mar 25)
    - Re: Open Resolver Problems Nick Hilliard (Mar 25)
    - Re: Open Resolver Problems William Herrin (Mar 25)
    - Re: Open Resolver Problems Jay Ashworth (Mar 26)

(Thread continues...)