Well, I was going more for a public list of ISPs that refuse to BCP38 their networks.
But that's just me =D

On point: (If your corporation is massive enough)

Basically:
    . Mirror DST Port 53;
    . Write some software to stats who's spamming the same DST IP with the same query;
    . Dynamic ACL them;
    then
    . Give a talk to your customers =D

-----
Alain Hebert                                aheb...@pubnix.net
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770     Beaconsfield, Quebec     H9W 6G7
Tel: 514-990-5911  http://www.pubnix.net    Fax: 514-990-9443

On 05/01/13 06:42, Jeff Wheeler wrote:
> On Tue, Apr 30, 2013 at 8:35 PM, Jared Mauch <ja...@puck.nether.net> wrote:
>> Please provide advice and insights as well as directing customers to the
>> openresolverproject.org website. We want to close these down, if you need an
>> accurate list of IPs in your ASN, please email me and I can give you very
>> accurate data.
> I think that a public list of open-resolvers is probably overdue, and
> the only way to get them fixed.
>
> It is trivial to scan the entire IPv4 address space for DNS servers
> that do no throttling even without the resources of a malicious
> botnet.
>
> Smurf was only "fixed" because, as there were fewer networks not
> running `no ip directed-broadcast`, the remaining amplification
> sources were flooded with huge amounts of malicious traffic. The
> public list of smurf amplifiers turned out to be the only way to
> really deal with it. I predict the same will be true with DNS.
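The "stats who's spamming the same DST IP with the same query" step from the message above, sketched as an added example that is not code from the thread or its authors. All names, the 10-second window and the threshold of 50 are assumptions, `src` stands for whatever identifies the customer on the mirror port, and pushing the flagged key into an ACL is left to the operator's own tooling.

```python
import struct
from collections import defaultdict, deque

def parse_query(payload):
    """Return (qname, qtype) for a single-question DNS query, else None."""
    if len(payload) < 17:
        return None
    flags, qdcount = struct.unpack("!HH", payload[2:6])
    if flags & 0x8000 or qdcount != 1:  # QR bit set means a response
        return None
    labels, pos = [], 12
    while pos < len(payload) and payload[pos] != 0:
        n = payload[pos]
        if n > 63 or pos + 1 + n > len(payload):  # pointer or truncated label
            return None
        labels.append(payload[pos + 1:pos + 1 + n].decode("ascii", "replace").lower())
        pos += 1 + n
    if pos + 5 > len(payload):  # need root byte + QTYPE + QCLASS
        return None
    return ".".join(labels) or ".", struct.unpack("!H", payload[pos + 1:pos + 3])[0]

class RepeatQueryDetector:
    """Counts identical (src, dst, qname, qtype) queries in a sliding window."""
    def __init__(self, window=10.0, threshold=50):
        self.window, self.threshold = window, threshold
        self.seen, self.flagged = defaultdict(deque), set()

    def observe(self, ts, src, dst, payload):
        q = parse_query(payload)
        if q is None:
            return None
        key = (src, dst) + q
        times = self.seen[key]
        times.append(ts)
        while ts - times[0] > self.window:  # drop events older than the window
            times.popleft()
        if len(times) < self.threshold or key in self.flagged:
            return None
        self.flagged.add(key)  # report each offending key once
        return key

def build_query(qname, qtype):  # constructed sample packets for the demo
    name = b"".join(bytes([len(l)]) + l.encode() for l in qname.split("."))
    return struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + name + b"\x00" + struct.pack("!HH", qtype, 1)

def demo():
    det = RepeatQueryDetector()
    events = [(i * 0.1, "192.0.2.10", build_query("example.com", 255)) for i in range(60)]
    events += [(i * 0.1, "192.0.2.20", build_query("host%d.example.net" % i, 1)) for i in range(60)]
    hits = [det.observe(ts, src, "198.51.100.53", pkt) for ts, src, pkt in sorted(events)]
    return [h for h in hits if h]
```

In the constructed traffic, only the source repeating one query to one resolver is flagged; the second source sends the same volume with varied names and is not.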