[nsp-sec] battling open resolvers - 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6
Steve Colam
sjc at eng.gxn.net
Thu Apr 11 05:27:53 EDT 2013
Hi Folks,
Well, I've just done a version lookup on the 5413 & 31290
data and something interesting has come up:
dig +time=0 +tries=1 +retry=0 @<host> -c CH -t txt version.bind
There are 5957 hosts currently listed (I've ignored the live timestamp)
For the hosts that didn't time out, this is a uniq -c | sort -rn | head -10
on the version data:
927 "9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6"
83 "Unsupported on this platform"
51 "PowerDNS Recursor 3.2 $Id: pdns_recursor.cc 1538 2010-03-06 11:39:03Z ahu $"
40 "dnsmasq-2.52"
36 "Microsoft DNS 6.1.7601 (1DB14556)"
32 "Microsoft DNS 6.0.6002 (1772487D)"
31 "Nominum Vantio 5.2.0.1"
24 "9.2.4"
21 "ZyWALL DNS"
13 "Microsoft DNS 6.1.7600 (1DB04228)"
So - looks like we have a Red Hat problem with default open resolvers.... based
on our data, if we can get this Red Hat resolver fixed, then 15% of the hosts
are removed... a serious result if that applies to the rest of the open resolvers
at large on the intertubes.
Does anyone have a contact at Red Hat we can reach out to?
Jared - can you share where you are getting your data from please and your
thoughts on why it does not align with the Cymru data? Also, is there an
option to include some fingerprint info so we can look for other similar
large quick wins?
Cheers,
Steve @ AS5413
>>>>> On Mon, 2013-03-25 at 09:54 -0400, Jared Mauch wrote:
>>>>>> ----------- nsp-security Confidential --------
>>>>>>
>>>>>> I have launched a public webpage for trying to close
>>>>>> the open resolvers down. please provide me feedback
>>>>>> in private, but check out the site here:
>>>>>>
>>>>>> openresolverproject.org
>>>>>>
>>>>>> This is free to share, as we are looking to get some
>>>>>> of these IPs closed down. We saw about 300G last night, so
>>>>>> doing your part to help here is valuable...
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> - Jared
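
The tally step described in the message above, as an added example that is not part of the original post: it counts each version.bind answer and reports its share of all listed hosts, timeouts included in the denominator, which is how a figure like the 15% is reached. The host<TAB>answer input layout, the function names and the sample rows (documentation addresses) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: tally version.bind answers collected one per line as
# "<host><TAB><TXT answer, or empty when the query timed out>".

# Constructed sample input (RFC 5737 documentation addresses, not survey data).
sample_results() {
    printf '%s\t%s\n' \
        192.0.2.1 '"9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6"' \
        192.0.2.2 '"9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6"' \
        192.0.2.3 '' \
        192.0.2.4 '"dnsmasq-2.52"' \
        192.0.2.5 '"9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6"' \
        192.0.2.6 '"Unsupported on this platform"' \
        192.0.2.7 '' \
        192.0.2.8 '"dnsmasq-2.52"'
}

# tally_versions [N]: read host<TAB>answer lines on stdin and print the top N
# answers as "count<TAB>percent<TAB>answer". The percentage is taken over every
# listed host, so hosts that timed out lower each share but get no row.
tally_versions() {
    LC_ALL=C awk -F '\t' '
        { total++ }                 # every listed host counts in the total
        $2 == "" { next }           # timed out: no version string to tally
        { seen[$2]++ }              # key is the whole TXT string, spaces kept
        END {
            for (v in seen)
                printf "%d\t%.1f%%\t%s\n", seen[v], 100 * seen[v] / total, v
        }' |
    LC_ALL=C sort -t "$(printf '\t')" -k1,1nr -k3,3 |
    head -n "${1:-10}"
}

# Stand-alone run over the constructed sample.
sample_results | tally_versions 10
```

Splitting on tabs rather than whitespace keeps answers such as "Unsupported on this platform" intact as a single key.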