Handling of Abuse Complaints

Mon Aug 29 17:13:33 UTC 2016

It's quite possible to operate an open resolver while still making it very
difficult to use in an amplification attack - maybe coach your user into
using rate limiting if you are particularly keen not to 'shape' their
traffic at this stage. PowerDNS has a very powerful load balancer that can
be used effectively although it's name escapes me now. PowerDNS 3x and 4x
also has an effective anti spoofing mechanism.

*Kind Regards,Lee Fuller*

*PGP Fingerprint <https://leefuller.io/pgp/>: *
4ACAEBA4B9EE1B3A075034302D5C3D050E6ED55A

On 29 August 2016 at 18:04, Laszlo Hanyecz <laszlo at heliacal.net> wrote:

> I know this is against the popular religion here but how is this abuse on
> the part of your customer?  Google, Level3 and many others also run open
> resolvers, because they're useful services. This is why we can't have nice
> things.
>
>
>
> On 2016-08-29 15:55, Jason Lee wrote:
>
>> NANOG Community,
>>
>> I was curious how various players in this industry handle abuse
>> complaints.
>> I'm drafting a policy for the service provider I'm working for about
>> handing of complaints registered against customer IP space. In this
>> example
>> I have a customer who is running an open resolver and have received a few
>> complaints now regarding it being used as part of a DDoS attack.
>>
>> My initial response was to inform the customer and ask them to fix it. Now
>> that its still ongoing over a month later, I'd like to take action to
>> remediate the issue myself with ACLs but our customer facing team is
>> pushing back and without an idea of what the industry best practice is,
>> management isn't sure which way to go.
>>
>> I'm hoping to get an idea of how others handle these cases so I can
>> develop
>> our formal policy on this and have management sign off and be able to take
>> quicker action in the future.
>>
>> Thanks,
>>
>> Jason
>>
>
>