[nsp-sec] DDoS traceback to identify open resolvers
Scott A. McIntyre
scott at howyagoin.net
Wed Jun 5 23:00:10 EDT 2013
Hi,
>
> Hi all.
>
> Would NSP/ISPs have any interest in a feed of DNS Amp DoS targets for use in traceback ? I was thinking how we might use the visibility we have at the enterprise level to help identify more open resolvers and the botnets that use them.
>
> Regards,
I would. I'm not fully certain how we could make the most use out of it yet, but, this is also an area of concern for us and if we have known targets it's a much bigger needle to go hunting for in a pretty massive haystack. Especially if the feed has really good date/time associated...
Regards,
Scott A. McIntyre
AS1221 Telstra
More information about the nsp-security
mailing list