
nanog mailing list archives

Re: Open Resolver Problems
From: Niels Bakker <niels=nanog () bakker net>
Date: Mon, 1 Apr 2013 22:19:31 +0200

On Apr 01, 2013, at 11:55 , "Milt Aitken" <milt () net2atlanta com> wrote:
Most of our DSL customers have modem/routers that resolve DNS externally.
And most of those have no configuration option to stop it.
So, we took the unfortunate step of ACL blocking DNS requests to & from the DSL network unless the requests are to our DNS servers.

Suboptimal, but it stopped the DNS amplification attacks.

Wow.  Glad I'm not a customer of yours.


* patrick () ianai net (Patrick W. Gilmore) [Mon 01 Apr 2013, 18:04 CEST]:
I was going to suggest exactly this.

Don't most broadband networks have a line in their AUP about running servers?

Huh?  No.  Thankfully.  Not all of us are mindless consumers.


        -- Niels.

