Hi Narelle,<div><br></div><div>Most of the DNS Reflection / Amplification problem isn't in a consumer level. While I did profile a few hundred consumer modem/routers, the bulk are running on actual servers.</div><div><br>
</div><div>With regards to the consumer modem changes - this is something that really needs to be done to protect things on many levels. Tens of Thousands of modems are out there, running in botnets.</div><div><br></div><div>
Cheers,</div><div>Tom</div><div><br><div class="gmail_quote">On Mon, Mar 25, 2013 at 11:48 PM, Narelle <span dir="ltr"><<a href="mailto:narellec@gmail.com" target="_blank">narellec@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
This one has me thinking: is there a need for more consumer guides on<br>
housekeeping for your home LAN?<br>
<br>
You may notice in the preso that there is a call for consumers to<br>
'upgrade their firmware' and 'disable WAN side administration'.<br>
<br>
All fun activities for the home user that can't even spell IP.<br>
<br>
Would any of you distribute them to your customers if we wrote them?<br>
<br>
<br>
Cheers<br>
<br>
<br>
Narelle<br>
<div class="HOEnZb"><div class="h5"><br>
On Tue, Mar 26, 2013 at 10:49 AM, Tom Paseka <<a href="mailto:tom@cloudflare.com">tom@cloudflare.com</a>> wrote:<br>
> Hello AusNOG list.<br>
><br>
> This was posted to NANOG this morning. (sorry for the cross posting)<br>
><br>
> Please take a look at open recursors in your networks and clean them up.<br>
> Also, implement BCP-38 in your networks if not already.<br>
><br>
> I presented this at APRICOT in Singapore also last month:<br>
> <a href="http://www.apricot2013.net/__data/assets/pdf_file/0009/58878/tom-paseka_1361839564.pdf" target="_blank">http://www.apricot2013.net/__data/assets/pdf_file/0009/58878/tom-paseka_1361839564.pdf</a><br>
><br>
> The open recursors have been used in pushing very large attacks.<br>
> Large enough to take sizable parts of the Internet offline.<br>
><br>
> Cheers,<br>
> Tom.<br>
><br>
><br>
> ---------- Forwarded message ----------<br>
> From: Jared Mauch <<a href="mailto:jared@puck.nether.net">jared@puck.nether.net</a>><br>
> Date: Mon, Mar 25, 2013 at 7:22 AM<br>
> Subject: Open Resolver Problems<br>
> To: North American Operators' Group <<a href="mailto:nanog@nanog.org">nanog@nanog.org</a>><br>
><br>
><br>
> All,<br>
><br>
> Open resolvers pose a security threat. I wanted to let everyone know<br>
> about a search tool that can help you find the ones within your<br>
> organization. Treat it like a big "BETA" stamp is across it, but<br>
> please try it out and see if you can close down any hosts within your<br>
> network.<br>
><br>
> This threat is larger than the SMURF amplification attacks in the past<br>
> and can result in some quite large attacks. I've seen this spilling<br>
> out into other mailing lists (e.g.: juniper-nap and others).<br>
><br>
> Please send feedback about links that should be included or<br>
> documentation and spelling errors to me.<br>
><br>
> <a href="http://openresolverproject.org" target="_blank">openresolverproject.org</a><br>
><br>
> Some basic stats:<br>
><br>
> 27 million resolvers existed as of this dataset collection<br>
><br>
> only 2.1 million of them were "closed".<br>
><br>
> We have a lot to do to close the hosts, please do what you can to help.<br>
><br>
> Thanks,<br>
><br>
> - Jared<br>
<br>
<br>
<br>
</div></div><span class="HOEnZb"><font color="#888888">--<br>
<br>
<br>
Narelle<br>
<a href="mailto:narellec@gmail.com">narellec@gmail.com</a><br>
</font></span></blockquote></div><br></div>