Thank you, Comcast.

• Previous message (by thread): Thank you, Comcast.
• Next message (by thread): Thank you, Comcast.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 26 Feb 2016, at 23:15, Mike Hammett wrote:

> I think you'd be hard pressed to find more than a tenth of a percent 
> of people attempt to run their own DNS server.

You'll find a heck of a lot more of them doing so unknowingly, because 
they're running misconfigured, abusable CPE devices which can be 
leveraged by attackers to launch DNS reflection/amplification attacks.

Note that outbound/crossbound DDoS attacks can have just as much of a 
negative impact on availability as inbound DDoS attacks; even more, when 
multiple attackers are abusing the same reflectors/amplifiers (which is 
often the case).

And even that small tenth of a percent who're deliberately running their 
own DNS servers can end up inadvertently causing disruption if they're 
running those DNS servers as open recursors.

-----------------------------------
Roland Dobbins <rdobbins at arbor.net>

• Previous message (by thread): Thank you, Comcast.
• Next message (by thread): Thank you, Comcast.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]