Well, why would you only go after them? Easier target to mitigate the problem?

That might be just me, but I find those peers allowing their customers to spoof source IP addresses more at fault.

PS: Some form of adaptive rate limitation works for it btw =D

-----
Alain Hebert ahebert@pubnix.net
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770
Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911 http://www.pubnix.net
Fax: 514-990-9443

On 03/25/13 12:14, Nick Hilliard wrote:
> On 25/03/2013 15:54, Mattias Ahnberg wrote:
>> A list of 27 million open resolvers would be a pretty convenient input for miscreants who want to abuse them, I believe? I assume Jared & co don't want their collected work to be abused like that.
>> http://nmap.org/nsedoc/scripts/dns-recursion.html
>> http://monkey.org/~provos/dnsscan/
>
> There are 224*2^24 possible unicast hosts, and a whole pile less which are routed on the DFZ.
>
> I don't think that we can pretend that it's going to help if we hide this information under a stone and hope that people who are inclined to launch DNS DDoS attacks are dumb enough not to be able to figure out how to use these tools.
>
> Highlighting the situation and getting operators to do something will help fix the problem.
>
> Nick
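The "adaptive rate limitation" Alain mentions for resolvers being abused as amplifiers, worked into code as an added example that is not from the thread or from any resolver software: a sliding-window response limiter keyed on the client /24 (the spoofed victim prefix), whose allowance halves for each window the prefix overflows and resets after a quiet period. The sample traffic and the /24 aggregation are assumptions made here.

```python
from collections import defaultdict, deque


def client_key(ip: str) -> str:
    """Aggregate by /24 so a flood spoofed to one victim prefix is limited as one client (assumption: IPv4 only)."""
    return ".".join(ip.split(".")[:3])


class AdaptiveResponseRateLimiter:
    """Sliding-window limiter on responses per client prefix.

    The allowance starts at base_limit per window, halves each window in which the
    prefix is over the limit (down to 1), and resets after two quiet windows.
    """

    def __init__(self, base_limit: int = 20, window: float = 1.0) -> None:
        self.base_limit = base_limit
        self.window = window
        self.sent = defaultdict(deque)      # key -> timestamps of responses actually sent
        self.penalty = defaultdict(int)     # key -> number of halvings currently applied
        self.last_overflow = {}             # key -> timestamp of the last overflowing window

    def current_limit(self, key: str) -> int:
        return max(1, self.base_limit >> self.penalty[key])

    def allow(self, ts: float, src_ip: str) -> bool:
        """Return True if a response to src_ip at time ts should be sent, False to drop it."""
        key = client_key(src_ip)
        sent = self.sent[key]
        while sent and ts - sent[0] >= self.window:      # expire entries outside the window
            sent.popleft()
        last = self.last_overflow.get(key)
        if last is not None and self.penalty[key] and ts - last >= 2 * self.window:
            self.penalty[key] = 0                          # quiet long enough: restore full allowance
        if len(sent) >= self.current_limit(key):
            if last is None or ts - last >= self.window:   # one extra halving per overflowing window
                self.penalty[key] += 1
                self.last_overflow[key] = ts
            return False
        sent.append(ts)
        return True


def simulate(records, limiter):
    """Feed (timestamp, source_ip) records in time order; return {prefix: (sent, dropped)}."""
    counts = defaultdict(lambda: [0, 0])
    for ts, src in sorted(records):
        counts[client_key(src)][0 if limiter.allow(ts, src) else 1] += 1
    return {k: tuple(v) for k, v in counts.items()}


# Constructed sample traffic: one real client, and 100 queries in half a second
# whose source address is spoofed to a single victim.
LEGIT = [(0.2 * i, "192.0.2.10") for i in range(5)]
FLOOD = [(0.005 * i, "203.0.113.5") for i in range(100)]


def demo():
    limiter = AdaptiveResponseRateLimiter()
    return simulate(LEGIT + FLOOD, limiter), limiter
```

The real client is never touched, while the spoofed prefix gets 20 responses and then a halved allowance until it has been quiet for two windows.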