Well, I was going more for a public list of ISP that refuse to BCP38 their networks. But that's just me =D On point: (If your corporation is massive enough) Basically: . Mirror DST Port 53; . Write some software to stats who's spamming the same DST IP with the same query; . Dynamic ACL them; then . Give a talk to your customers =D ----- Alain Hebert ahebert@pubnix.net PubNIX Inc. 50 boul. St-Charles P.O. Box 26770 Beaconsfield, Quebec H9W 6G7 Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443 On 05/01/13 06:42, Jeff Wheeler wrote:
Please provide advice and insights as well as directing customers to the openresolverproject.org website. We want to close these down, if you need an accurate list of IPs in your ASN, please email me and I can give you very accurate data. I think that a public list of open-resolvers is probably overdue, and
On Tue, Apr 30, 2013 at 8:35 PM, Jared Mauch <jared@puck.nether.net> wrote: the only way to get them fixed.
It is trivial to scan the entire IPv4 address space for DNS servers that do no throttling even without the resources of a malicious botnet.
Smurf was only "fixed" because, as there were fewer networks not running `no ip directed-broadcast,` the remaining amplification sources were flooded with huge amounts of malicious traffic. The public list of smurf amplifiers turned out to be the only way to really deal with it. I predict the same will be true with DNS.