[162021] in North American Network Operators' Group


Re: Open Resolver Problems

daemon@ATHENA.MIT.EDU (Jared Mauch)
Mon Apr 1 09:49:33 2013

From: Jared Mauch <jared@puck.nether.net>
In-Reply-To: <128114.1364786180@turing-police.cc.vt.edu>
Date: Mon, 1 Apr 2013 09:44:41 -0400
To: Valdis.Kletnieks@vt.edu
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Mar 31, 2013, at 11:16 PM, Valdis.Kletnieks@vt.edu wrote:

> On Sun, 31 Mar 2013 16:09:35 -0500, Jimmy Hess said:
>> On 3/29/13, Scott Noel-Hemming <frogstarr78@gmail.com> wrote:
>>>> Some of us have both publicly-facing authoritative DNS, and inward
>>>> facing recursive servers that may be open resolvers but can't be
>>>> found via NS entries (so the IP addresses of those aren't exactly
>>>> publicly available info).
>>> Sounds like you're making the faulty assumption that an attacker would use
>>> normal means to find your servers.
>>
>> A distributed scan of the entire IPv4 <SNIP>
>
> Stop right there.
>
> Anybody who is looking at this as an IPv4 issue is woefully misinformed
> about the nature of the problem.

:)

IPv4 it's easy to collect an inventory (the math works).  IPv6, not nearly as easy.

- Jared

