Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
ForumsICT Policies and RegulationTime to name and shame open DNS resolvers?


600 posts

Ultimate Geek
+1 received by user: 5

Trusted

Topic # 115523 28-Mar-2013 15:01
Send private message

So, a 300Gbps DoS attack.  Biggest ever.  So big, it caused problems at the large interexchange points in tier one carriers.

For more information on the attack, CloudFlare has some excellent information. 

http://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet

The HackerNews discussion also indicates that some ADSL modems forward DNS requests to the internal network through NAT, so you should check if your IP address is in the list of open resolvers if you're running a DNS server:

http://dns.measurement-factory.com/surveys/openresolvers.html

There are many NZ organisations on the list of open resolvers.  Perhaps we should think about naming and shaming them?

http://dns.measurement-factory.com/surveys/openresolvers/ASN-reports/latest.html




---
http://blog.jason.pollock.ca

Create new topic
Infrastructure Geek
4056 posts

Uber Geek
+1 received by user: 195

Trusted
Microsoft NZ
Subscriber

  Reply # 788813 28-Mar-2013 17:08
Send private message

according to the article I read (http://gizmodo.com/5992652/that-internet-war-apocalypse-is-a-lie), this not only did NOT break the internet, it barely even registered.

but back to the original reason for the post.... yeah, probably a good idea to fix the DNS problem this way. Its been around way too long now.




Technical Evangelist
Microsoft NZ
about.me/nzregs
Twitter: @nzregs



600 posts

Ultimate Geek
+1 received by user: 5

Trusted

  Reply # 788875 28-Mar-2013 18:56
Send private message

Nifty, I hadn't seen that article, only RadioNZ and the NYTimes.

Still, it's interesting to see some rather large names in NZ IT with their IP ranges listed in the open relay list.




---
http://blog.jason.pollock.ca



600 posts

Ultimate Geek
+1 received by user: 5

Trusted

  Reply # 789155 29-Mar-2013 11:02
Send private message

More information. Looks like the IP addresses at some IX points were globally routable, which allowed them to be individually attacked.

http://cluepon.net/ras/gizmodo




---
http://blog.jason.pollock.ca

BDFL - Memuneh
61329 posts

Uber Geek
+1 received by user: 12071

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 789159 29-Mar-2013 11:05
Send private message

There's a discussion about this already including my reply that this whole thing was just a marketing exercise really.

This topic here seems to be about open DNS responders management, not about "the event".




Backblaze cloud backup (personal and business) | Geekzone broadband switch | Amazon (Geekzone aff) | MightyApe (Geekzone aff)

 

My technology disclosure  | Business Transformation | Enterprise Content Management | Customer Relationship Management

 

 



600 posts

Ultimate Geek
+1 received by user: 5

Trusted

  Reply # 789305 29-Mar-2013 16:29
One person supports this post
Send private message

Yes, looking at the list in the research, there are a lot of organisations in NZ that should know better.  Hence, should we name and shame them?  I'm talking about orgs that aren't known as ISPs...




---
http://blog.jason.pollock.ca

Mad Scientist
19012 posts

Uber Geek
+1 received by user: 2469

Trusted
Lifetime subscriber

  Reply # 789321 29-Mar-2013 17:40
Send private message

erm ... someone needs to speak english :D

BDFL - Memuneh
61329 posts

Uber Geek
+1 received by user: 12071

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 789343 29-Mar-2013 18:47
Send private message

If you know of any open DNS responders that shouldn't be, let us know sure.




Backblaze cloud backup (personal and business) | Geekzone broadband switch | Amazon (Geekzone aff) | MightyApe (Geekzone aff)

 

My technology disclosure  | Business Transformation | Enterprise Content Management | Customer Relationship Management

 

 



600 posts

Ultimate Geek
+1 received by user: 5

Trusted

  Reply # 789469 30-Mar-2013 00:07
Send private message

freitasm: If you know of any open DNS responders that shouldn't be, let us know sure.


http://dns.measurement-factory.com/surveys/openresolvers/ASN-reports/latest.html

"fgrep -i NZ latest.html" and then pruning out the obviously non-New Zealand organisations, produces

count |  asn   |                             name
26 | 9889 | MAXNET-NZ-AP Auckland
25 | 4770 | ASIAONLINENZ-AS-AP Asia Online New Zealand
20 | 4768 | CLIX-NZ TelstraClear Ltd
15 | 4648 | NZIX-2 Netgate
13 | 17746 | ORCONINTERNET-NZ-AP Orcon Internet
10 | 23655 | SNAP-NZ-AS Snap Internet Limited
7 | 9790 | CALLPLUS-NZ-AP CallPlus Services Limited
6 | 9431 | AKUNI-NZ The University of Auckland
5 | 17916 | CSC-IGN-AUNZ-AP Computer Sciences Corporation
2 | 9245 | COMPASS-NZ-AP COMPASS NZ
2 | 45459 | WEB-DRIVE-NZ-AS-AP Web Drive Limited
2 | 24347 | INTERGEN-WGTN-AS-NZ Intergen Limted. Internet Service Provid
2 | 4771 | NZTELECOM Netgate
2 | 9872 | ITNET-NZ-AS-AP ITNet Ltd
2 | 18021 | UNINET-AS-AP Unisys NZ, IT Outsourcer,
1 | 45215 | ONENET-AS-NZ OneNet Limited.
1 | 36962 | MTNZ-AS
1 | 45138 | CPIT-NZ-AS-AP Christchurch Polytechnic Institute
1 | 38477 | UNLEASH-AS-NZ-AP Unleash Computers Ltd,
1 | 17435 | WXC-AS-NZ WorldxChange
1 | 23934 | TURNSTONE-NZ-AS-AP Turnstone Technologies LTD NZ AS
1 | 24111 | NZWIRELESS-CO-NZ-AS-AP nzwireless LTD




---
http://blog.jason.pollock.ca



600 posts

Ultimate Geek
+1 received by user: 5

Trusted

  Reply # 789470 30-Mar-2013 00:08
Send private message

joker97: erm ... someone needs to speak english :D


DNS servers which are connected to the Internet should not allow arbitrary clients to perform recursive queries.  Basically, they shouldn't act as a general DNS server for the wider Internet.  If they do, they can be used in a DoS attack.

http://dns.measurement-factory.com/surveys/openresolvers.html




---
http://blog.jason.pollock.ca

538 posts

Ultimate Geek
+1 received by user: 52

Trusted
Internet by Design

  Reply # 789471 30-Mar-2013 00:33
Send private message

jpollock:
freitasm: If you know of any open DNS responders that shouldn't be, let us know sure.


http://dns.measurement-factory.com/surveys/openresolvers/ASN-reports/latest.html

"fgrep -i NZ latest.html" and then pruning out the obviously non-New Zealand organisations, produces

count |  asn   |                             name
26 | 9889 | MAXNET-NZ-AP Auckland
25 | 4770 | ASIAONLINENZ-AS-AP Asia Online New Zealand
20 | 4768 | CLIX-NZ TelstraClear Ltd
15 | 4648 | NZIX-2 Netgate
13 | 17746 | ORCONINTERNET-NZ-AP Orcon Internet
10 | 23655 | SNAP-NZ-AS Snap Internet Limited
7 | 9790 | CALLPLUS-NZ-AP CallPlus Services Limited
6 | 9431 | AKUNI-NZ The University of Auckland
5 | 17916 | CSC-IGN-AUNZ-AP Computer Sciences Corporation
2 | 9245 | COMPASS-NZ-AP COMPASS NZ
2 | 45459 | WEB-DRIVE-NZ-AS-AP Web Drive Limited
2 | 24347 | INTERGEN-WGTN-AS-NZ Intergen Limted. Internet Service Provid
2 | 4771 | NZTELECOM Netgate
2 | 9872 | ITNET-NZ-AS-AP ITNet Ltd
2 | 18021 | UNINET-AS-AP Unisys NZ, IT Outsourcer,
1 | 45215 | ONENET-AS-NZ OneNet Limited.
1 | 36962 | MTNZ-AS
1 | 45138 | CPIT-NZ-AS-AP Christchurch Polytechnic Institute
1 | 38477 | UNLEASH-AS-NZ-AP Unleash Computers Ltd,
1 | 17435 | WXC-AS-NZ WorldxChange
1 | 23934 | TURNSTONE-NZ-AS-AP Turnstone Technologies LTD NZ AS
1 | 24111 | NZWIRELESS-CO-NZ-AS-AP nzwireless LTD



The problem with most on those list is that they're service providers so it's entirely possible that it's their customers that have the open resolvers...




Ask me about Wordpress and Web Servers

 

 

 

Internet by Design

Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.