[nsp-sec] 118K Resolvers used in 10Gbps attack
Joel L. Rosenblatt
joel at columbia.edu
Fri Oct 11 10:17:57 EDT 2013
Hi,
We had 4 of those on Krista's list but not on the open resolver list
... it appears that you can configure a windows box so that it is not
an open resolver, but if the request is in it's cache, it will answer
anyway.
We are looking for the setting to fix this now ... if someone out
there knows that answer, I would appreciate a pointer
Thanks,
Joel
Joel Rosenblatt, Director Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel
Public PGP key
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3
On Fri, Oct 11, 2013 at 9:59 AM, Gabriel Iovino <giovino at ren-isac.net> wrote:
> ----------- nsp-security Confidential --------
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> We alerted on 342 that we verified to be an open resolver as of this
> morning. ~23 where observed to not be an open resolver (remediated or
> transient?)
>
> See attached for the full list.
>
> Stephen, I missed your ack and alerted on 3701 too. Sorry for the
> duplicate.
>
> Thank you!!
>
> Gabe
>
> - --
> Gabriel Iovino
> Principal Security Engineer, REN-ISAC
> http://www.ren-isac.net
> 24x7 Watch Desk +1(317)278-6630
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.22 (MingW32)
>
> iEYEARECAAYFAlJYBEgACgkQwqygxIz+pTuBxgCgzXS+kuvzPHGXAnIUx2WW6dv7
> nbEAoOOvoLCMUrN6URdeABXdI/4wXhXC
> =RIdc
> -----END PGP SIGNATURE-----
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
More information about the nsp-security
mailing list