Home page logo

nanog logo nanog mailing list archives

Re: Open Resolver Problems
From: Jared Mauch <jared () puck nether net>
Date: Mon, 1 Apr 2013 09:44:41 -0400

On Mar 31, 2013, at 11:16 PM, Valdis.Kletnieks () vt edu wrote:

On Sun, 31 Mar 2013 16:09:35 -0500, Jimmy Hess said:
On 3/29/13, Scott Noel-Hemming <frogstarr78 () gmail com> wrote:
Some of us have both publicly-facing authoritative DNS, and inward
facing recursive servers that may be open resolvers but can't be
found via NS entries (so the IP addresses of those aren't exactly
publicly available info).
Sounds like your making the faulty assumption that an attacker would use
normal means to find your servers.

A distributed scan of the entire IPv4 <SNIP>

Stop right there.

Anybody who is looking at this as an IPv4 issue is woefully misinformed
about the nature of the problem.


IPv4 it's easy to collect an inventory (the math works).  IPv6, not nearly as easy.

- Jared

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]