[nsp-sec] 700K Open Resolver List

David Freedman david.freedman at uk.clara.net
Fri Apr 10 20:12:15 EDT 2009 

ack 8426 and 34313,

notice that a number of DSL users on here which makes me think there is another piece of
cheap CPE on the market with an open recursor again (groan)

Will do some digging when back in the office next week 

Dave.


------------------------------------------------
David Freedman
Group Network Engineering 
Claranet Limited
http://www.clara.net



-----Original Message-----
From: nsp-security-bounces at puck.nether.net on behalf of Eli Dart
Sent: Sat 4/11/2009 01:09
To: Stephen Gill
Cc: NSP-SEC List
Subject: Re: [nsp-sec] 700K Open Resolver List
 
----------- nsp-security Confidential --------

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ack 291,292,3152

		--eli


Stephen Gill wrote:
> ----------- nsp-security Confidential --------
> 
> Hi Team,
> 
> I took a somewhat restrictive view of the pcaps we have and parsed out about
> 700K open resolvers used in the latest DNS amplifier attack across ~10K
> ASNs.  I believe there were closer to 1 Million total.
> 
> You can find the data split up by ASN here:
> 
> https://www.cymru.com/nsp-sec/Owned/recursive3/
> 
> ASNs affected:
> 
> https://www.cymru.com/nsp-sec/Owned/recursive3/asns.txt
> 
> Please do not download the entire list and only fetch the ones you have
> control or influence over.
> 
> Comments/questions welcome & have a great weekend!
> 
> Cheers,
> -- steve
> 

- --
Eli Dart                                            NOC: (510) 486-7600
ESnet Network Engineering Group                          (800) 333-7638
Lawrence Berkeley National Laboratory
PGP Key fingerprint = C970 F8D3 CFDD 8FFF 5486 343A 2D31 4478 5F82 B2B3
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAknf38sACgkQLTFEeF+CsrNZyQCcD7luRuw3+WqQkFBcaoWuWcHR
ZVwAoMgpLzEc8Vh8wJVlVvBGsjZE9tHx
=YO3X
-----END PGP SIGNATURE-----


_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security

Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
community. Confidentiality is essential for effective Internet security counter-measures.
_______________________________________________

More information about the nsp-security mailing list