Re: Handling of Abuse Complaints

[Lee Fuller <leefuller23 () gmail com>]

It's quite possible to operate an open resolver while still making it very
difficult to use in an amplification attack - maybe coach your user into
using rate limiting if you are particularly keen not to 'shape' their
traffic at this stage. PowerDNS has a very powerful load balancer that can
be used effectively although it's name escapes me now. PowerDNS 3x and 4x
also has an effective anti spoofing mechanism.





*Kind Regards,Lee Fuller*

*PGP Fingerprint <https://leefuller.io/pgp/>: *
4ACAEBA4B9EE1B3A075034302D5C3D050E6ED55A

On 29 August 2016 at 18:04, Laszlo Hanyecz <laszlo () heliacal net> wrote:

> I know this is against the popular religion here but how is this abuse on
> the part of your customer?  Google, Level3 and many others also run open
> resolvers, because they're useful services. This is why we can't have nice
> things.
>
>
>
> On 2016-08-29 15:55, Jason Lee wrote:
>
> > NANOG Community,
> >
> > I was curious how various players in this industry handle abuse
> > complaints.
> > I'm drafting a policy for the service provider I'm working for about
> > handing of complaints registered against customer IP space. In this
> > example
> > I have a customer who is running an open resolver and have received a few
> > complaints now regarding it being used as part of a DDoS attack.
> >
> > My initial response was to inform the customer and ask them to fix it. Now
> > that its still ongoing over a month later, I'd like to take action to
> > remediate the issue myself with ACLs but our customer facing team is
> > pushing back and without an idea of what the industry best practice is,
> > management isn't sure which way to go.
> >
> > I'm hoping to get an idea of how others handle these cases so I can
> > develop
> > our formal policy on this and have management sign off and be able to take
> > quicker action in the future.
> >
> > Thanks,
> >
> > Jason