[dns-operations] DNS deluge for x.p.ctrc.cc
Rodney Joffe
rjoffe at centergate.com
Mon Feb 27 18:59:20 UTC 2006

On Feb 27, 2006, at 11:34 AM, brett watson wrote:
>
> On Feb 27, 2006, at 8:07 AM, Paul Vixie wrote:
>
>> shunning their networks or refusing to peer with them isn't an
>> option, since the worst of them are the largest.
>
> that raises an interesting question. from data collected on open,
> recursive name servers, does anyone have statistics on whether or not
> the majority offenders are large isp/colo-providers? or are the
> majority offenders small enterprise/isp/colo/whatever?
>
> wrt to a "feed" to block access to known/recently abused recursive
> servers, i'm wondering if we'll have the same problem you mention
> above which is "shunning isn't an option because the worst offenders
> are too big/important".

As it turns out, in my recent experience, the largest offenders are
actually the largest hosting companies, inadvertently. Apparently
CPanel and Plesk, which are core to the virtual server world, are
shipped preconfigured with open recursive servers.

And as it also turns out, these largest hosting providers have been
the quickest to "fix" their systems, for the best of all reasons - $$$$$$.

One of the largest who I ended up visiting with was incredibly
thankful for the data I provided, because during the two recent
attacks I witnessed, the poor hosting provider saw a 1gb burst in
bandwidth, that shot their 95% cost model to hell. They shut down
every recursive server I was able to show them.

Interesting, ain't it? ;-)

>
> -b
>