Mitigating DNS amplification attacks

Jeff Wheeler jsw at
Wed May 1 10:42:32 UTC 2013

On Tue, Apr 30, 2013 at 8:35 PM, Jared Mauch <jared at> wrote:
> Please provide advice and insights as well as directing customers to the website. We want to close these down, if you need an accurate list of IPs in your ASN, please email me and I can give you very accurate data.

I think that a public list of open-resolvers is probably overdue, and
the only way to get them fixed.

It is trivial to scan the entire IPv4 address space for DNS servers
that do no throttling even without the resources of a malicious

Smurf was only "fixed" because, as there were fewer networks not
running `no ip directed-broadcast,` the remaining amplification
sources were flooded with huge amounts of malicious traffic.  The
public list of smurf amplifiers turned out to be the only way to
really deal with it.  I predict the same will be true with DNS.

Jeff S Wheeler <jsw at>
Sr Network Operator  /  Innovative Network Concepts

More information about the NANOG mailing list