[AusNOG] Open Resolver Problems

Tom Paseka tom at cloudflare.com
Tue Mar 26 10:49:37 EST 2013

Hello AusNOG list.

This was posted to NANOG this morning. (sorry for the cross posting)

Please take a look at open recursors in your networks and clean them up.
Also, implement BCP-38 in your networks if not already.

I presented this at APRICOT in Singapore also last month:

 The open recursors have been used in pushing very large attacks.
Large enough to take sizable parts of the Internet offline.


---------- Forwarded message ----------
From: Jared Mauch <jared at puck.nether.net>
Date: Mon, Mar 25, 2013 at 7:22 AM
Subject: Open Resolver Problems
To: North American Operators' Group <nanog at nanog.org>


Open resolvers pose a security threat.  I wanted to let everyone know
about a search tool that can help you find the ones within your
organization. Treat it like a big "BETA" stamp is across it, but
please try it out and see if you can close down any hosts within your

This threat is larger than the SMURF amplification attacks in the past
and can result in some quite large attacks.  I've seen this spilling
out into other mailing lists (e.g.: juniper-nap and others).

Please send feedback about links that should be included or
documentation and spelling errors to me.


Some basic stats:

27 million resolvers existed as of this dataset collection

only 2.1 million of them were "closed".

We have a lot to do to close the hosts, please do what you can to help.


- Jared

More information about the AusNOG mailing list