[nsp-sec] Daily Reports Summary for week ending 2010-11-22

Tim Wilde twilde at cymru.com
Mon Nov 22 10:37:37 EST 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/22/2010 10:27 AM, Kevin Oberman wrote:
> Any reason for the huge jump in open resolvers yesterday? I am sure that
> there were not that many new ones created and can't possibly explain a
> jump from about 100,000 to over 3 million, if I believe the plot on the
> open resolvers page:
> (https://www.cymru.com/nsp-sec/dailyreports/openresolvers.html) 
> 
> It looks far more dramatic than the numbers in this report:
> report       UniqueIPs   Change  ASNs  bogon  noroute    UniqueIPs  ASNs
> Openresolver 3,587,046  +390.8% 18647      0      112      730,865 10111
> 
> But, in either case, something seems to have sharply affected the
> numbers beyond a few million folks deciding to turn on DNS and not
> restricting access over the course of a week. I have confirmed that the
> systems that just showed up yesterday in my reports are legitimate, so
> it is probably not a matter of false positives.

Hey Kevin & Teams,

Sorry, I forgot to explain this in my below-report commentary this week.
This is the result of a periodic full re-scanning of open resolvers.
Our normal scanning is the base line on the graphs, while those spikes
you see periodically are re-scans that are performed on a larger list.
So there wasn't a jump in open resolvers so much as a jump in detected
open resolvers, and even that wasn't a surprise, just a periodic
re-scanning.  I hope this helps!

Regards,
Tim

- -- 
Tim Wilde, Senior Software Engineer, Team Cymru, Inc.
twilde at cymru.com | +1-630-230-5433 | http://www.team-cymru.org/
-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAkzqjkEACgkQluRbRini9tjZhACcD/xvL6CFAG7bey05vCDrLJ1L
BncAn3BcZ5XNEznB3/tzW33rbEEjU2Jl
=OoYs
-----END PGP SIGNATURE-----


