[170598] in North American Network Operators' Group
Re: new DNS forwarder vulnerability
daemon@ATHENA.MIT.EDU (Mark Allman)
Wed Apr 2 08:38:40 2014
To: Paul Ferguson <fergdawgster@mykolab.com>
From: Mark Allman <mallman@icir.org>
In-Reply-To: <53248184.7050404@mykolab.com>
Date: Wed, 02 Apr 2014 08:38:09 -0400
Cc: nanog@nanog.org
Reply-To: mallman@icir.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
----------ma1197-1
Content-Type: text/plain
Content-Disposition: inline
[catching up]
> That's a good question, but I know that during the ongoing survey
> within the Open Resolver Project [http://openresolverproject.org/],
> Jared found thousands of CPE devices which responded as resolvers.
Not thousands, *tens of millions*.
Our estimate from mid-2013 was 32M such devices (detailed in an IMC
paper last year; http://www.icir.org/mallman/pubs/SCRA13/). And, that
roughly agrees with both the openresolverproject.org numbers and another
(not public) study I know of. And, as if that isn't bad enough
... there is a 2010 IMC paper that puts the number at 15M. I.e., the
instances of brokenness are getting worse---doubling in 3 years! UGH.
allman
----------ma1197-1
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (Darwin)
iEYEARECAAYFAlM8BLAACgkQWyrrWs4yIs7bHQCgi4EdVvi2kYLH/bTk/OxEdH6e
AiQAn3UIbmkRe6ilr2wl1PtaiqtPv1Ox
=VEcX
-----END PGP SIGNATURE-----
----------ma1197-1--
