[nsp-sec] 700K Open Resolver List
Stephen Gill
gillsr at cymru.com
Mon Apr 13 16:52:46 EDT 2009
It should be fairly easy to confirm the Ips in your network by doing
dig-like queries against the resolvers.
-- steve
On 4/13/09 1:41 PM, "Vidar Østmo" <vidar.ostmo at ventelo.no> wrote:
> ----------- nsp-security Confidential --------
>
>
>
>>> Hi Team,
>>>
>>> I took a somewhat restrictive view of the pcaps we have and parsed out about
>>> 700K open resolvers used in the latest DNS amplifier attack across ~10K
>>> ASNs. I believe there were closer to 1 Million total.
>
> Ack for 2116 and 3307 .
>
> I would appreciate to get a small sample of the pcap retrieved if possible ,
> offlist is fine. The amount of affected hosts on some of our subnets are so
> high that i find it strange to be populated with so many open resolvers.
>
> Best Regards
> Vidar Østmo - Technology - BaneTele AS
> asn 2116/3307 - vidar.ostmo at ventelo.no - Tel:+47 47 9000 97
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________
--
Stephen Gill, Chief Scientist, Team Cymru
http://www.cymru.com | +1 630 230 5423 | gillsr at cymru.com
More information about the nsp-security
mailing list