nanog mailing list archives

Re: Open Resolver Problems


From: Nick Hilliard <nick () foobar org>
Date: Tue, 26 Mar 2013 08:13:49 +0000

On 26/03/2013 07:51, Valdis.Kletnieks () vt edu wrote:
> Now explain how you find a recursive nameserver that isn't listed in an NS
> entry and *hasn't* been publicized someplace that Google can find it.

Um, you run one of e.g.:

http://nmap.org/nsedoc/scripts/dns-recursion.html
http://monkey.org/~provos/dnsscan/

Then wait for a while while it churns through the ~224*2^24 packets it
needs to scan the entire ipv4 internet.  Of course, you could write your
own code, but that would take at least 1/2 an hour.

Then you have every open resolver on the internet.

Now, can you tell me how this is beyond the computing skill of someone who
controls a bigass botnet?

> (Otherwise read as "we'll be glad to fix it if somebody has a brilliant
> idea on how to do so without generating more calls to the help desk than
> the near-zero rate we currently get about DNS amplification issues"....)

The whole point of this thread is that dns amplification hurts other
people, not the resolver which is being abused.  Just like in the old days,
abusing open mail relays hurt other people more than the relay operator.

Nick
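The check that the scanners Nick links to perform, as an added example that is not part of the thread and not nmap's or dnsscan's own code: send a query with the RD (recursion desired) bit set and classify the reply by its RA (recursion available) bit, RCODE and answer count. Function names, the 0x1234 transaction id, and the sample reply bytes are all constructed for this example; `probe()` is the only part that touches the network and is not exercised by the samples.

```python
"""
Open-resolver probe in the style of nmap's dns-recursion script
(illustrative reimplementation, not nmap's code).

A resolver is "open" when it answers a recursive query (RD=1) from an
arbitrary source with RA=1, RCODE=NOERROR and at least one answer record.
Wire format follows RFC 1035; the sample replies below are constructed.
"""
import os
import socket
import struct

QR, RD, RA = 0x8000, 0x0100, 0x0080   # header flag bits
RCODE_MASK = 0x000F
RCODE_NOERROR, RCODE_REFUSED = 0, 5


def build_query(qname: str, txid: int = 0x1234) -> bytes:
    """Build a DNS A/IN query for qname with the RD bit set."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(label)]) + label.encode()
        for label in qname.rstrip(".").split(".")
    )
    question = labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    return header + question


def classify_response(resp: bytes, txid: int = 0x1234) -> str:
    """Classify a reply as 'open', 'closed', 'refused', 'inconclusive' or 'malformed'."""
    if len(resp) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if rid != txid or not flags & QR:      # must be a reply to our own query
        return "malformed"
    rcode = flags & RCODE_MASK
    if rcode == RCODE_REFUSED:              # server ACL rejected the recursive query
        return "refused"
    if not flags & RA:                      # server does not offer recursion to us
        return "closed"
    if rcode == RCODE_NOERROR and ancount > 0:
        return "open"                       # recursed on our behalf: abusable
    return "inconclusive"                   # RA set but no usable answer (e.g. NXDOMAIN)


def probe(ip: str, qname: str = "www.example.com", timeout: float = 2.0) -> str:
    """Send one recursive query to ip:53 over UDP and classify the reply."""
    txid = int.from_bytes(os.urandom(2), "big")   # random id, not the demo constant
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_query(qname, txid), (ip, 53))
        resp, _ = sock.recvfrom(512)
    except socket.timeout:
        return "no-reply"
    finally:
        sock.close()
    return classify_response(resp, txid)


# --- constructed sample traffic, used to exercise the classifier offline ---
QUERY = build_query("www.example.com")
_ANSWER_RR = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + bytes([192, 0, 2, 1])


def _reply(flags: int, ancount: int) -> bytes:
    """Constructed reply to QUERY: echo the question, add one A record if ancount."""
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 0)
    return header + QUERY[12:] + (_ANSWER_RR if ancount else b"")


SAMPLE_OPEN = _reply(QR | RD | RA, 1)               # recursion done for us
SAMPLE_CLOSED = _reply(QR | RD, 0)                  # RA clear: recursion not offered
SAMPLE_REFUSED = _reply(QR | RD | RA | RCODE_REFUSED, 0)   # ACL: REFUSED

if __name__ == "__main__":
    for name, sample in (("open", SAMPLE_OPEN), ("closed", SAMPLE_CLOSED),
                         ("refused", SAMPLE_REFUSED)):
        print(name, "->", classify_response(sample))
```

A scanner that walks the whole address space is this `probe()` in a loop with a much smaller per-host timeout and many sockets in flight; the point of the demo is the classification, since a resolver that returns REFUSED or clears RA is not usable for amplification, while one that returns "open" is.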



