mailing list archives
Re: Open Resolver Problems
From: Jared Mauch <jared () puck nether net>
Date: Mon, 1 Apr 2013 09:44:41 -0400
On Mar 31, 2013, at 11:16 PM, Valdis.Kletnieks () vt edu wrote:
On Sun, 31 Mar 2013 16:09:35 -0500, Jimmy Hess said:
On 3/29/13, Scott Noel-Hemming <frogstarr78 () gmail com> wrote:
Some of us have both publicly-facing authoritative DNS, and inward
facing recursive servers that may be open resolvers but can't be
found via NS entries (so the IP addresses of those aren't exactly
publicly available info).
Sounds like your making the faulty assumption that an attacker would use
normal means to find your servers.
A distributed scan of the entire IPv4 <SNIP>
Stop right there.
Anybody who is looking at this as an IPv4 issue is woefully misinformed
about the nature of the problem.
IPv4 it's easy to collect an inventory (the math works). IPv6, not nearly as easy.
- Re: Open Resolver Problems Jared Mauch (Apr 01)