On Mar 31, 2013, at 11:16 PM, valdis.kletni...@vt.edu wrote: > On Sun, 31 Mar 2013 16:09:35 -0500, Jimmy Hess said: >> On 3/29/13, Scott Noel-Hemming <frogstar...@gmail.com> wrote: >>>> Some of us have both publicly-facing authoritative DNS, and inward >>>> facing recursive servers that may be open resolvers but can't be >>>> found via NS entries (so the IP addresses of those aren't exactly >>>> publicly available info). >>> Sounds like your making the faulty assumption that an attacker would use >>> normal means to find your servers. >> >> A distributed scan of the entire IPv4 <SNIP> > > Stop right there. > > Anybody who is looking at this as an IPv4 issue is woefully misinformed > about the nature of the problem.
:) IPv4 it's easy to collect an inventory (the math works). IPv6, not nearly as easy. - Jared
