[dns-operations] DNS deluge for x.p.ctrc.cc

Roland Dobbins rdobbins at cisco.com
Sun Feb 26 19:41:46 UTC 2006


We should get Dan Kaminsky and Mike Schiffman on this list, if  
they've the cycles to and interest in participating - they've  
identified close to 580K open resolvers via their DNS research,  
outlined here:

http://deluvian.doxpara.com/

http://www.doxpara.com/

I'll ask them if they're interested in joining.

I'm waiting for the latest iteration of Dan's talk he gave at  
ShmooCon this past January to be posted online, he gives lots of  
numbers and examples, including odd 'hidden' relationships between  
DNS servers, amplification effects of 1000:1, etc.


On Feb 26, 2006, at 9:38 AM, Rob Thomas wrote:

> Hi, William.
>
> ] What is a rate of changes in those lists?
>
> Fairly high.  The miscreants behind most (if not all) of these
> attacks are scanning close to 24x7.
>
> ] And how do you delete nameservers or do you really test all 122k of
> ] them every so often to see if they are recursive?
>
> Our present systems depend on such revetting.  We revet those
> entries every seven days.  I'd say we'd want the same system
> in place for this feed.
>
> Thanks,
> Rob.
> -- 
> Rob Thomas
> Team Cymru
> http://www.cymru.com/
> ASSERT(coffee != empty);
>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.oarci.net
> http://lists.oarci.net/mailman/listinfo/dns-operations

----------------------------------------------------------------------
Roland Dobbins <rdobbins at cisco.com> // 408.527.6376 voice

      Everything has been said.  But nobody listens.

                    -- Roger Shattuck




More information about the dns-operations mailing list