[nsp-sec] search by asn
John Kristoff
jtk at cymru.com
Mon Apr 1 18:06:09 EDT 2013
On Thu, 28 Mar 2013 10:02:44 -0400
Gabriel Iovino <giovino at ren-isac.net> wrote:
> > It would be useful to be able to distinguish between "complete
> > recursion" and "just referral" in the results, when confronted with
> > a large list I can imagine I would want to prioritise and go for
> > the more urgent cases first.
>
> +1, if we get to request features :)
Hi folks,
We can probably do this for Team Cymru's open resolver data. It should
be fairly easy to implement on top of what we already have, but I'll
need a little time to carve out to make it happen. Initially I'm
envisioning something relatively rudimentary, such as entries have an
additional field that specifies the type of server detected to include:
open resolver
open forwarder
open referrer
closed (sends a DNS response, but no amplification)
Note, the open referrer might be what could be technically called an
open forwarding referrer, but I don't think I can detect the
difference. Presumably there could be a closed forwarder too, but not
only would I be unable to tell, I don't think we care.
If I'm missing something else you'd really like to see, let me know.
John
More information about the nsp-security
mailing list