[nsp-sec] 700K Open Resolver List
Gabriel Iovino
giovino at ren-isac.net
Mon Apr 13 15:31:29 EDT 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Stephen Gill wrote:
> I took a somewhat restrictive view of the pcaps we have and parsed out about
> 700K open resolvers used in the latest DNS amplifier attack across ~10K
> ASNs. I believe there were closer to 1 Million total.
>
> You can find the data split up by ASN here:
>
> https://www.cymru.com/nsp-sec/Owned/recursive3/
We just sent sanitized notifications to ~178 institutions about 1138
open resolvers. We removed any ack'd ASN's before 2009-04-13 ~9:00AM GMT-4.
You will find the full list IPs that we notified on here:
https://asn.cymru.com/nsp-sec/upload/1239650064.whois.txt
Note: you will see some commercial entities in that list but we very
rarely notify a commercial provider. In almost all cases we notified a
upstream or downstream entity that is a .edu/education-research network
provider/teaching hospital/etc.
Thank you.
Gabe
- --
Gabriel Iovino
Principal Security Engineer, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAknjkxEACgkQwqygxIz+pTvyqwCfTkUqIKlONPJquX0sXN0kPB29
3HMAoICkIRNg+hRg9gEZsi4KcgQcpdG5
=VCFK
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list