Open Resolver Problems

Jared Mauch jared at puck.nether.net
Mon Apr 1 13:44:41 UTC 2013


On Mar 31, 2013, at 11:16 PM, Valdis.Kletnieks at vt.edu wrote:

> On Sun, 31 Mar 2013 16:09:35 -0500, Jimmy Hess said:
>> On 3/29/13, Scott Noel-Hemming <frogstarr78 at gmail.com> wrote:
>>>> Some of us have both publicly-facing authoritative DNS, and inward
>>>> facing recursive servers that may be open resolvers but can't be
>>>> found via NS entries (so the IP addresses of those aren't exactly
>>>> publicly available info).
>>> Sounds like you're making the faulty assumption that an attacker would use
>>> normal means to find your servers.
>> 
>> A distributed scan of the entire IPv4 <SNIP>
> 
> Stop right there.
> 
> Anybody who is looking at this as an IPv4 issue is woefully misinformed
> about the nature of the problem.

:)

IPv4 it's easy to collect an inventory (the math works).  IPv6, not nearly as easy.

- Jared


