[AusNOG] Open Resolver Problems

Narelle narellec at gmail.com
Tue Mar 26 17:48:44 EST 2013


This one has me thinking: is there a need for more consumer guides on
housekeeping for your home LAN?

You may notice in the preso that there is a call for consumers to
'upgrade their firmware' and 'disable WAN side administration'.

All fun activities for the home user that can't even spell IP.

Would any of you distribute them to your customers if we wrote them?


Cheers


Narelle

On Tue, Mar 26, 2013 at 10:49 AM, Tom Paseka <tom at cloudflare.com> wrote:
> Hello AusNOG list.
>
> This was posted to NANOG this morning. (sorry for the cross posting)
>
> Please take a look at open recursors in your networks and clean them up.
> Also, implement BCP-38 in your networks if not already.
>
> I presented this at APRICOT in Singapore also last month:
> http://www.apricot2013.net/__data/assets/pdf_file/0009/58878/tom-paseka_1361839564.pdf
>
> The open recursors have been used in pushing very large attacks.
> Large enough to take sizable parts of the Internet offline.
>
> Cheers,
> Tom.
>
>
> ---------- Forwarded message ----------
> From: Jared Mauch <jared at puck.nether.net>
> Date: Mon, Mar 25, 2013 at 7:22 AM
> Subject: Open Resolver Problems
> To: North American Operators' Group <nanog at nanog.org>
>
>
> All,
>
> Open resolvers pose a security threat.  I wanted to let everyone know
> about a search tool that can help you find the ones within your
> organization. Treat it like a big "BETA" stamp is across it, but
> please try it out and see if you can close down any hosts within your
> network.
>
> This threat is larger than the SMURF amplification attacks in the past
> and can result in some quite large attacks.  I've seen this spilling
> out into other mailing lists (e.g.: juniper-nap and others).
>
> Please send feedback about links that should be included or
> documentation and spelling errors to me.
>
> openresolverproject.org
>
> Some basic stats:
>
> 27 million resolvers existed as of this dataset collection
>
> only 2.1 million of them were "closed".
>
> We have a lot to do to close the hosts, please do what you can to help.
>
> Thanks,
>
> - Jared



-- 


Narelle
narellec at gmail.com
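
Added example (not part of the original thread, and not the openresolverproject.org tool): one way to check hosts you operate for open recursion, in Python. It sends a recursive query and classifies the reply from the header's RA bit and RCODE. The classification rule, the query name example.com and the sample reply headers are assumptions made for this example.

```python
import socket
import struct
import sys

QR, RD, RA = 0x8000, 0x0100, 0x0080   # DNS header flag bits (RFC 1035)
TXID = 0x1234                          # fixed query ID, fine for a one-shot audit

def build_query(name, txid=TXID):
    """Recursive (RD=1) A/IN query for a name the target is NOT authoritative for."""
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def classify_response(data, txid=TXID):
    """Classify a reply from its header (the rule is this example's assumption)."""
    if len(data) < 12:
        return "malformed"
    rid, flags = struct.unpack("!HH", data[:4])
    if rid != txid or not flags & QR:
        return "malformed"
    rcode = flags & 0x000F
    if rcode == 5:                      # REFUSED: recursion denied to this client
        return "closed"
    if flags & RA and rcode in (0, 3):  # recursed and returned NOERROR/NXDOMAIN
        return "open"
    return "no-recursion"               # e.g. authoritative-only server, RA clear

def check_host(ip, name="example.com", timeout=2.0):
    """Query one of your own hosts over UDP/53; run from outside your network."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (ip, 53))
            data, _ = s.recvfrom(4096)
        except OSError:                 # timeout or unreachable
            return "no-answer"
    return classify_response(data)

# Constructed sample reply headers (not captured traffic), keyed by expected class.
SAMPLES = {
    "open": struct.pack("!HHHHHH", TXID, QR | RD | RA, 1, 1, 0, 0),
    "closed": struct.pack("!HHHHHH", TXID, QR | RD | RA | 5, 1, 0, 0, 0),
    "no-recursion": struct.pack("!HHHHHH", TXID, QR | RD | 0x0400, 1, 0, 1, 0),
    "malformed": b"\x12\x34\x81",
}

if __name__ == "__main__":
    for ip in sys.argv[1:]:             # addresses of hosts you operate
        print(ip, check_host(ip))
```

A host reported as "open" answered a recursive query for a name it does not serve; restrict recursion on it to your own customer ranges.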


