Open Resolver Problems

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Mon Apr 1 03:16:20 UTC 2013


On Sun, 31 Mar 2013 16:09:35 -0500, Jimmy Hess said:
> On 3/29/13, Scott Noel-Hemming <frogstarr78 at gmail.com> wrote:
> >> Some of us have both publicly-facing authoritative DNS, and inward
> >> facing recursive servers that may be open resolvers but can't be
> >> found via NS entries (so the IP addresses of those aren't exactly
> >> publicly available info).
> > Sounds like your making the faulty assumption that an attacker would use
> > normal means to find your servers.
>
> A distributed scan of the entire IPv4 <SNIP>

Stop right there.

Anybody who is looking at this as an IPv4 issue is woefully misinformed
about the nature of the problem.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 865 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20130331/1af61442/attachment.sig>


More information about the NANOG mailing list