[187803] in North American Network Operators' Group


Re: Thank you, Comcast.

daemon@ATHENA.MIT.EDU (Roland Dobbins)
Fri Feb 26 11:32:50 2016

X-Original-To: nanog@nanog.org
From: "Roland Dobbins" <rdobbins@arbor.net>
To: nanog@nanog.org
Date: Fri, 26 Feb 2016 23:30:31 +0700
In-Reply-To: <848464982.14027.1456503347620.JavaMail.mhammett@ThunderFuck>
Errors-To: nanog-bounces@nanog.org

On 26 Feb 2016, at 23:15, Mike Hammett wrote:

> I think you'd be hard pressed to find more than a tenth of a percent 
> of people attempt to run their own DNS server.

You'll find a heck of a lot more of them doing so unknowingly, because 
they're running misconfigured, abusable CPE devices which can be 
leveraged by attackers to launch DNS reflection/amplification attacks.

Note that outbound/crossbound DDoS attacks can have just as much of a 
negative impact on availability as inbound DDoS attacks; even more, when 
multiple attackers are abusing the same reflectors/amplifiers (which is 
often the case).

And even that small tenth of a percent who're deliberately running their 
own DNS servers can end up inadvertently causing disruption if they're 
running those DNS servers as open recursors.

-----------------------------------
Roland Dobbins <rdobbins@arbor.net>
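
The point above about subscriber devices acting as DNS servers without their owners knowing can be checked from the operator side. The sketch below is an added example, not part of the original post: it flags subscriber addresses that emit UDP traffic from source port 53, split into outbound and crossbound volume. The flow-record tuple layout, the subscriber prefix, the addresses (documentation ranges) and the byte threshold are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed access-network prefix (documentation range, constructed for this example).
SUBSCRIBER_NETS = [ipaddress.ip_network("198.51.100.0/24")]

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, proto, bytes)
FLOWS = [
    ("198.51.100.10", 53, "203.0.113.5", 4444, "udp", 3_200_000),   # CPE answering an outside host
    ("198.51.100.10", 53, "203.0.113.5", 80, "udp", 2_900_000),     # same target, more volume
    ("198.51.100.10", 53, "198.51.100.77", 1234, "udp", 900_000),   # crossbound: another subscriber
    ("198.51.100.20", 51515, "192.0.2.53", 53, "udp", 120),         # ordinary client query
    ("192.0.2.53", 53, "198.51.100.20", 51515, "udp", 300),         # ordinary inbound answer
    ("198.51.100.30", 53, "203.0.113.9", 33000, "udp", 400),        # responder, but low volume
]

def is_subscriber(ip, nets=SUBSCRIBER_NETS):
    """True if the address belongs to one of the subscriber prefixes."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)

def find_dns_responders(flows, min_bytes=1_000_000):
    """Return subscriber IPs sending DNS responses (UDP source port 53).

    A subscriber host that only *uses* DNS sends to destination port 53;
    one that sends *from* port 53 is answering queries, whether it is a
    deliberate server or a CPE device forwarding DNS on its WAN side.
    """
    stats = defaultdict(lambda: {"outbound": 0, "crossbound": 0, "targets": set()})
    for src, sport, dst, dport, proto, nbytes in flows:
        if proto != "udp" or sport != 53 or not is_subscriber(src):
            continue
        # Crossbound = response lands on another subscriber of the same network.
        direction = "crossbound" if is_subscriber(dst) else "outbound"
        stats[src][direction] += nbytes
        stats[src]["targets"].add(dst)
    return {ip: s for ip, s in stats.items()
            if s["outbound"] + s["crossbound"] >= min_bytes}

if __name__ == "__main__":
    for ip, s in find_dns_responders(FLOWS).items():
        print(ip, s["outbound"], s["crossbound"], sorted(s["targets"]))
```

Lowering `min_bytes` to 0 lists every subscriber address that answers DNS at all, which is the population to follow up on before it is abused at volume.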
