[AusNOG] Open Resolver Problems

Tom Paseka tom at cloudflare.com
Tue Mar 26 17:58:44 EST 2013


Hi Narelle,

Most of the DNS Reflection / Amplification problem isn't at the consumer
level. While I did profile a few hundred consumer modem/routers, the bulk
are running on actual servers.

With regards to the consumer modem changes - this is something that really
needs to be done to protect things on many levels. Tens of thousands of
modems are out there, running in botnets.

Cheers,
Tom

On Mon, Mar 25, 2013 at 11:48 PM, Narelle <narellec at gmail.com> wrote:

> This one has me thinking: is there a need for more consumer guides on
> housekeeping for your home LAN?
>
> You may notice in the preso that there is a call for consumers to
> 'upgrade their firmware' and 'disable WAN side administration'.
>
> All fun activities for the home user that can't even spell IP.
>
> Would any of you distribute them to your customers if we wrote them?
>
>
> Cheers
>
>
> Narelle
>
> On Tue, Mar 26, 2013 at 10:49 AM, Tom Paseka <tom at cloudflare.com> wrote:
> > Hello AusNOG list.
> >
> > This was posted to NANOG this morning. (sorry for the cross posting)
> >
> > Please take a look at open recursors in your networks and clean them up.
> > Also, implement BCP-38 in your networks if not already.
> >
> > I presented this at APRICOT in Singapore also last month:
> >
> > http://www.apricot2013.net/__data/assets/pdf_file/0009/58878/tom-paseka_1361839564.pdf
> >
> > The open recursors have been used in pushing very large attacks.
> > Large enough to take sizable parts of the Internet offline.
> >
> > Cheers,
> > Tom.
> >
> >
> > ---------- Forwarded message ----------
> > From: Jared Mauch <jared at puck.nether.net>
> > Date: Mon, Mar 25, 2013 at 7:22 AM
> > Subject: Open Resolver Problems
> > To: North American Operators' Group <nanog at nanog.org>
> >
> >
> > All,
> >
> > Open resolvers pose a security threat.  I wanted to let everyone know
> > about a search tool that can help you find the ones within your
> > organization. Treat it like a big "BETA" stamp is across it, but
> > please try it out and see if you can close down any hosts within your
> > network.
> >
> > This threat is larger than the SMURF amplification attacks in the past
> > and can result in some quite large attacks.  I've seen this spilling
> > out into other mailing lists (e.g.: juniper-nap and others).
> >
> > Please send feedback about links that should be included or
> > documentation and spelling errors to me.
> >
> > openresolverproject.org
> >
> > Some basic stats:
> >
> > 27 million resolvers existed as of this dataset collection
> >
> > only 2.1 million of them were "closed".
> >
> > We have a lot to do to close the hosts, please do what you can to help.
> >
> > Thanks,
> >
> > - Jared
>
>
>
> --
>
>
> Narelle
> narellec at gmail.com
>
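
Added example (not part of the original thread, and not the openresolverproject.org tooling): a minimal Python check that an operator can run from a vantage point outside their network, against their own addresses, to see whether a host offers recursion to arbitrary clients. The query name example.com, the function names and the classification rules are assumptions of this example.

```python
import socket
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080   # DNS header flag bits
REFUSED = 5

def build_query(name, txid):
    """DNS A/IN query with the RD (recursion desired) bit set."""
    header = struct.pack("!6H", txid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", 1, 1)   # QTYPE=A, QCLASS=IN

def classify(response, txid):
    """Return 'open', 'closed' or 'invalid' for a reply to build_query()."""
    if len(response) < 12:
        return "invalid"
    rid, flags = struct.unpack("!2H", response[:4])
    if rid != txid or not flags & QR:
        return "invalid"
    rcode = flags & 0x000F
    if rcode == REFUSED or not flags & RA:
        return "closed"      # refuses us, or does not offer recursion
    if flags & AA:
        return "closed"      # answered from its own zone, not by recursing
    return "open" if rcode in (0, 3) else "closed"   # NOERROR / NXDOMAIN

def probe(host, name="example.com", txid=0x4242, timeout=2.0):
    """Query one of your own hosts on UDP/53; no reply counts as closed."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, txid), (host, 53))
            data, _ = s.recvfrom(4096)
        except OSError:
            return "closed"
    return classify(data, txid)

def sample_reply(txid, flags):
    """Constructed reply (header plus echoed question) for offline checks."""
    return struct.pack("!6H", txid, flags, 1, 0, 0, 0) + build_query("example.com", txid)[12:]

if __name__ == "__main__":
    import sys
    for host in sys.argv[1:]:     # addresses from your own allocations
        print(host, probe(host))
```

A host reported as "open" from outside should have recursion restricted to its intended client ranges.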