Open Resolver Problems

Patrick W. Gilmore patrick at ianai.net
Mon Apr 1 16:03:53 UTC 2013


On Apr 01, 2013, at 11:55 , "Milt Aitken" <milt at net2atlanta.com> wrote:

> Most of our DSL customers have modem/routers that resolve DNS
> externally.
> And most of those have no configuration option to stop it.
> So, we took the unfortunate step of ACL blocking DNS requests to & from
> the DSL network unless the requests are to our DNS servers.
> 
> Suboptimal, but it stopped the DNS amplification attacks.

I was going to suggest exactly this.

Don't most broadband networks have a line in their AUP about running servers? Wouldn't a DNS server count as 'a server'? Then wouldn't running one violate the AUP?

This gives the provider a hammer to hit the user over the head. Although that is quite unlikely, so the better point is that it also gives the provider cover in case some user complains about the provider filtering.

You can always make an exception if the user is extremely loud.

-- 
TTFN,
patrick


> -----Original Message-----
> From: Mikael Abrahamsson [mailto:swmike at swm.pp.se] 
> Sent: Monday, April 01, 2013 11:51 AM
> To: Chris Boyd
> Cc: nanog at nanog.org
> Subject: Re: Open Resolver Problems
> 
> On Mon, 1 Apr 2013, Chris Boyd wrote:
> 
>> Just back to the office, and started checking my networks.  Found one of
>> the resolvers is a Netgear SOHO NAT box.  EoL'd, no new firmware
>> available.  Anyone have any feeling for what percentage are these types
>> of boxes?
> 
> If by "type of box" you mean "small SOHO NAT router which does DNS
> resolving on the WAN interface" then I'd say "a lot". Someone does a
> rollout of new software and configuration and happens to mess up the
> config file (or the vendor just happens to enable global dns resolving in
> the new software) and this slips through testing, then you're there. I
> believe this happens all the time.
> 
> That's why the publication of these lists is important; in a lot of cases
> there are a lot of people who are simply not aware of these devices doing
> this, and they need to be poked to notice.
> 
> -- 
> Mikael Abrahamsson    email: swmike at swm.pp.se
> 
> 
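A model of the ACL Milt describes above (DNS to or from the DSL pool is dropped unless the other endpoint is one of the provider's own resolvers), added here as an illustration; it is not code from anyone in this thread, and the DSL prefix, resolver addresses and sample flows are constructed from documentation ranges. It also shows the cost Milt calls "suboptimal": a customer who pointed their CPE at a third-party resolver is cut off by the same rule.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addresses (documentation ranges), not values from the thread.
DSL_PREFIX = ipaddress.ip_network("192.0.2.0/24")       # hypothetical DSL customer pool
PROVIDER_RESOLVERS = {                                  # hypothetical provider-run recursive resolvers
    ipaddress.ip_address("198.51.100.53"),
    ipaddress.ip_address("198.51.100.54"),
}
DNS_PORT = 53


@dataclass(frozen=True)
class Flow:
    proto: str    # "udp" or "tcp"
    src: str
    sport: int
    dst: str
    dport: int


def dns_acl_permits(flow: Flow) -> bool:
    """Return True if the flow passes the ACL.

    Rule modelled: DNS (udp/tcp port 53 on either end) to or from the DSL pool
    is permitted only when the remote endpoint is a provider resolver.
    Non-DNS traffic, and DNS that never touches the pool, is left alone.
    """
    src = ipaddress.ip_address(flow.src)
    dst = ipaddress.ip_address(flow.dst)
    is_dns = flow.proto in ("udp", "tcp") and DNS_PORT in (flow.sport, flow.dport)
    if not is_dns:
        return True
    src_in_pool = src in DSL_PREFIX
    dst_in_pool = dst in DSL_PREFIX
    if not (src_in_pool or dst_in_pool):
        return True
    if src_in_pool and dst in PROVIDER_RESOLVERS:
        return True   # customer query to the provider's resolver
    if dst_in_pool and src in PROVIDER_RESOLVERS:
        return True   # provider resolver answering the customer
    # Everything else on port 53 is dropped: queries reaching CPE resolvers
    # from outside, the amplified answers leaving, and third-party resolvers.
    return False


# Constructed sample flows, labelled by what they represent.
SAMPLE_FLOWS = {
    "customer query to provider resolver":    Flow("udp", "192.0.2.10", 40000, "198.51.100.53", 53),
    "provider resolver reply":                Flow("udp", "198.51.100.53", 53, "192.0.2.10", 40000),
    "outside query hitting CPE resolver":     Flow("udp", "203.0.113.7", 4444, "192.0.2.10", 53),
    "CPE resolver answer leaving pool":       Flow("udp", "192.0.2.10", 53, "203.0.113.7", 4444),
    "customer query to third-party resolver": Flow("udp", "192.0.2.10", 50000, "203.0.113.53", 53),
    "customer HTTPS":                         Flow("tcp", "192.0.2.10", 50001, "203.0.113.80", 443),
    "DNS not involving the pool":             Flow("udp", "203.0.113.7", 4444, "203.0.113.53", 53),
}


def evaluate(flows=SAMPLE_FLOWS) -> dict:
    """Map each labelled flow to the ACL decision (True = permit)."""
    return {label: dns_acl_permits(flow) for label, flow in flows.items()}


if __name__ == "__main__":
    for label, permitted in evaluate().items():
        print(f"{'permit' if permitted else 'deny  '}  {label}")
```

On real equipment this is an extended ACL applied to the DSL aggregation interface in both directions; the model above is only there to make the permit/deny decisions visible on sample traffic before committing such a rule.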