Home page logo
/

nanog logo nanog mailing list archives

Re: Open Resolver Problems
From: John Kristoff <jtk () cymru com>
Date: Tue, 2 Apr 2013 18:16:23 -0500

On Tue, 2 Apr 2013 18:41:17 -0400
Joe Abley <jabley () hopcount ca> wrote:

26/1000 is more than zero but still quite small. Subsequent samples
with bigger sizes give 332/100000, 3017/1000000.

No science here, but 2% - 3% is what it looks like, which is big
enough to be a noticeable support cost for a medium-scale provider if
the customer damage is not robo-mediated in some way (e.g. whitelist
known offenders to avoid the support phone glowing red when you first
turn it on).

Thanks Joe.  That is interesting.

I can only imagine that on the customer side there are queries coming
from something other than typical OS stub resolvers on unix and
Windows based hosts.  I suppose some sort of NAT/PAT box could account
for some of it, maybe more likely could be some common CPE forwarder
that uses that port by default.  If the latter, that might be
considered a serious enough risk that the vendor should address it if
they haven't already.

If no one else does, another side project I'll add to my list of things
to do on a rainy day.

John


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault