[dns-operations] DNS deluge for x.p.ctrc.cc

Rodney Joffe rjoffe at centergate.com
Mon Feb 27 18:59:20 UTC 2006

On Feb 27, 2006, at 11:34 AM, brett watson wrote:

> On Feb 27, 2006, at 8:07 AM, Paul Vixie wrote:
>> shunning their networks or refusing to peer with them isn't an
>> option, since
>> the worst of them are the largest.
> that raises an interesting question.   from data collected on open,
> recursive name servers, does anyone have statistics on whether or not
> the majority offenders are large isp/colo-providers?  or are the
> majority offenders small enterprise/isp/colo/whatever?
> wrt to a "feed" to block access to known/recently abused recursive
> servers, i'm wondering if we'll have the same problem you mention
> above which is "shunning isn't an option because the worst offenders
> are too big/important".

As it turns out, in my recent experience, the largest offenders are  
actually the largest hosting companies, inadvertently. Apparently  
CPanel and Plesk, which are core to the virtual server world, is  
shipped preconfigured with open recursive servers.

And as it also turns out, these largest hosting providers have been  
the quickest to "fix" their systems, for the best of all reasons - $$$ 

One of the largest who I ended up visiting with was incredibly  
thankful for the data I provided, because during the two recent  
attacks I witnessed, the poor hosting provider saw a 1gb burst in  
bandwidth, that shot their 95% cost model to hell. They shut down  
every recursive server I was able to show them.

Interesting, ain't it? ;-)

> -b
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.oarci.net
> http://lists.oarci.net/mailman/listinfo/dns-operations

More information about the dns-operations mailing list