[161680] in North American Network Operators' Group
Re: Open Resolver Problems
daemon@ATHENA.MIT.EDU (Jared Mauch)
Mon Mar 25 10:53:26 2013
In-Reply-To: <51506317.5080409@ip-solutions.net>
From: Jared Mauch <jared@puck.nether.net>
Date: Mon, 25 Mar 2013 09:53:05 -0500
To: Harry Hoffman <hhoffman@ip-solutions.net>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
I think if we get to that small number from tens of millions then we are in much better shape.
Closing them and setting up rate limiting on your authorities will go a long way.
Jared Mauch
On Mar 25, 2013, at 9:45 AM, Harry Hoffman <hhoffman@ip-solutions.net> wrote:
> What are those who provide open resolvers, such as Google, doing to
> combat the problem?
>
> It would be nice to be able to provide open resolvers as a service and
> combat the various threats associated with them.
>
>
> Cheers,
> Harry
>
> On 03/25/2013 10:22 AM, Jared Mauch wrote:
>> All,
>>
>> Open resolvers pose a security threat. I wanted to let everyone know about a search tool that can help you find the ones within your organization. Treat it like a big "BETA" stamp is across it, but please try it out and see if you can close down any hosts within your network.
>>
>> This threat is larger than the SMURF amplification attacks in the past and can result in some quite large attacks. I've seen this spilling out into other mailing lists (e.g.: juniper-nap and others).
>>
>> Please send feedback about links that should be included or documentation and spelling errors to me.
>>
>> openresolverproject.org
>>
>> Some basic stats:
>>
>> 27 million resolvers existed as of this dataset collection
>>
>> only 2.1 million of them were "closed".
>>
>> We have a lot to do to close the hosts, please do what you can to help.
>>
>> Thanks,
>>
>> - Jared
>>
>>