[161814] in North American Network Operators' Group
Re: Open Resolver Problems
daemon@ATHENA.MIT.EDU (Alain Hebert)
Wed Mar 27 09:24:03 2013
Date: Wed, 27 Mar 2013 09:23:47 -0400
From: Alain Hebert <ahebert@pubnix.net>
To: nanog@nanog.org
In-Reply-To: <5152EA72.5030203@foobar.org>
Reply-To: ahebert@pubnix.net
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Little bit of fun with http://bindguard.activezone.de/

This little example with an open resolver with only 200 queries a
minute...

The following list shows the # of queries made followed by the query
in question.

False positive:

69.x.x.x
    2 a1.mzstatic.com IN A +
    2 a1001.phobos.apple.com IN A +
    1153 a.root-servers.net IN A +
    ^- 1153 root queries under 10s... from a small office...

Old uncontrolled botnet:

5.x.x.141
    1020 isc.org IN ANY +ED
64.x.x.22
    1440 isc.org IN ANY +ED
64.x.x.82
    1075 isc.org IN ANY +ED
64.x.x.50
    1011 isc.org IN ANY +ED
64.x.x.242
    1103 isc.org IN ANY +ED

This result comes from my cheap scripts(tm) and bindguard.

If anyone wishes to try it I can provide you with some support files
and examples.

Just contact me offlist. PS: It will be later today...

Enjoy today's drama.
-----
Alain Hebert ahebert@pubnix.net
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443
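
Added example, not part of the original message and not the poster's scripts or bindguard: a per-client tally of resolver query-log lines that produces the same "count, then query" listing and separates repeated ANY+EDNS queries from other high-volume repeats. The log line shape (BIND 9 querylog style), the threshold of 100, the label names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed BIND 9 querylog shape (not shown in the message):
#   <date> <time> client <ip>#<port>: query: <name> <class> <type> <flags> (<server>)
LINE_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+(?: \([^)]*\))?: query: "
    r"(?P<name>\S+) (?P<cls>\S+) (?P<type>\S+) (?P<flags>[+-]\S*)"
)

def tally(lines):
    """Count queries per (client, 'name class type flags'); skip unparsable lines."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            query = f"{m['name'].lower()} {m['cls']} {m['type']} {m['flags']}"
            counts[(m["ip"], query)] += 1
    return counts

def flag(counts, threshold=100):
    """Label entries at or above the (hypothetical) per-window threshold."""
    labels = {}
    for (ip, query), n in counts.items():
        if n < threshold:
            continue
        _, _, qtype, flags = query.split()
        # ANY plus EDNS ("E") permits large UDP answers: the amplification shape.
        amp = qtype == "ANY" and "E" in flags
        labels[(ip, query)] = "any-edns-repeat" if amp else "high-volume"
    return labels

def sample_log():
    """Constructed log lines using documentation addresses, not data from the post."""
    fmt = "27-Mar-2013 09:00:{:02d}.000 client {}#{}: query: {} IN {} {} (192.0.2.1)"
    rows = [("198.51.100.22", "isc.org", "ANY", "+ED", 120),
            ("203.0.113.5", "a.root-servers.net", "A", "+", 150),
            ("203.0.113.5", "a1.mzstatic.com", "A", "+", 2)]
    return [fmt.format(i % 60, ip, 1024 + i, name, qtype, flags)
            for ip, name, qtype, flags, n in rows for i in range(n)]

if __name__ == "__main__":
    counts = tally(sample_log())
    labels = flag(counts)
    for (ip, query), n in sorted(counts.items()):
        print(f"{ip}  {n:5d} {query}  {labels.get((ip, query), '')}")
```

The "high-volume" label only marks an entry for review; as the root-server case in the message shows, a busy legitimate client can cross the same threshold.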