On Mar 31, 2013, at 5:09 PM, Jimmy Hess <mysi...@gmail.com> wrote:

> On 3/29/13, Scott Noel-Hemming <frogstar...@gmail.com> wrote:
>>> Some of us have both publicly-facing authoritative DNS, and inward
>>> facing recursive servers that may be open resolvers but can't be
>>> found via NS entries (so the IP addresses of those aren't exactly
>>> publicly available info).
>> Sounds like you're making the faulty assumption that an attacker would use
>> normal means to find your servers.
>
> A distributed scan of the entire IPv4 space for all internet IPs
> running open DNS servers is fairly doable; actually a long term scan
> taking 100 to 200 days of continuous DNS scanning is completely
> trivial.
I updated the openresolverproject.org data in less than 8 hours. The system would scan 1.0.0.0, 1.0.0.1, ... in sequence. Next time it runs, it's going to use a slightly different method which may expose a few more servers.

The 2013-Mar-31 data showed:

2,471,484 servers returned refused. (369k change downward)
20,675,738 with correct answer in packet.

If I extrapolate 369k/week closing, everything will be closed in about a year. (Compared to 2.1 mil refused the week before; compared to 21.4 Million with correct answer in packet the week before).

I know many people are working on their respective hosts and/or network to close things down. Many thanks to everyone that is treating this as a critical issue to close these hosts.

- jared
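The scan summary above sorts replies into "refused" and "correct answer in packet". The following is an added example, not code from the thread or from openresolverproject.org, for checking a single recursive server you administer from an outside vantage point: it sends one RD-bit query and classifies the reply with the same two buckets. Names such as build_query, classify_response and probe_resolver, and the two sample responses, are constructed for this example.

```python
import socket
import struct

TXID = 0x1234  # fixed transaction id so replies can be matched


def build_query(qname, txid=TXID):
    """Build a minimal DNS query for A <qname> with RD (recursion desired) set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD=1
    labels = b"".join(bytes([len(p)]) + p.encode() for p in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def classify_response(resp, txid=TXID):
    """Classify a raw DNS reply the way the scan summary does.

    'refused'  -> RCODE 5 (server declined recursion for this client)
    'answered' -> RCODE 0 with at least one answer RR (open to this client)
    'other'    -> anything else, including a reply that is not ours
    """
    if len(resp) < 12:
        return "other"
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if rid != txid or not flags & 0x8000:  # wrong id or QR bit not set
        return "other"
    rcode = flags & 0x000F
    if rcode == 5:
        return "refused"
    if rcode == 0 and an > 0:
        return "answered"
    return "other"


def probe_resolver(ip, qname="example.com", timeout=2.0):
    """Send one recursive query to a resolver you administer and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(qname), (ip, 53))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return "no-reply"  # filtered or dropped; not open from this vantage point
    return classify_response(data)


# Constructed sample replies (headers only; the body is irrelevant to the classifier).
REFUSED_SAMPLE = struct.pack("!HHHHHH", TXID, 0x8185, 1, 0, 0, 0)   # QR, RD, RA, RCODE=5
ANSWERED_SAMPLE = struct.pack("!HHHHHH", TXID, 0x8180, 1, 1, 0, 0)  # QR, RD, RA, ANCOUNT=1
FOREIGN_SAMPLE = struct.pack("!HHHHHH", 0x9999, 0x8180, 1, 1, 0, 0) # id mismatch
```

Run probe_resolver() from a network that should not be served by the resolver; "answered" means it is still open to that network.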