[161679] in North American Network Operators' Group
Re: Open Resolver Problems
daemon@ATHENA.MIT.EDU (Harry Hoffman)
Mon Mar 25 10:46:27 2013
Date: Mon, 25 Mar 2013 10:45:43 -0400
From: Harry Hoffman <hhoffman@ip-solutions.net>
To: nanog@nanog.org
In-Reply-To: <1BCE4663-EEB4-44EB-997F-906B232F41A1@puck.nether.net>

What are those who provide open resolvers, such as Google, doing to
combat the problem?

It would be nice to be able to provide open resolvers as a service and
combat the various threats associated with them.

Cheers,
Harry

On 03/25/2013 10:22 AM, Jared Mauch wrote:
> All,
>
> Open resolvers pose a security threat. I wanted to let everyone know about a search tool that can help you find the ones within your organization. Treat it like a big "BETA" stamp is across it, but please try it out and see if you can close down any hosts within your network.
>
> This threat is larger than the SMURF amplification attacks in the past and can result in some quite large attacks. I've seen this spilling out into other mailing lists (e.g.: juniper-nap and others).
>
> Please send feedback about links that should be included or documentation and spelling errors to me.
>
> openresolverproject.org
>
> Some basic stats:
>
> 27 million resolvers existed as of this dataset collection
>
> only 2.1 million of them were "closed".
>
> We have a lot to do to close the hosts, please do what you can to help.
>
> Thanks,
>
> - Jared