In message <c7e435c6-344f-49cd-9152-7a9ef2fa6...@puck.nether.net>, Jared Mauch writes:
>
> On Apr 2, 2014, at 8:38 AM, Mark Allman <mall...@icir.org> wrote:
>
> >
> > [catching up]
> >
> >> That's a good question, but I know that during the ongoing survey
> >> within the Open Resolver Project [http://openresolverproject.org/],
> >> Jared found thousands of CPE devices which responded as resolvers.
> >
> > Not thousands, *tens of millions*.
> >
> > Our estimate from mid-2013 was 32M such devices (detailed in an IMC
> > paper last year; http://www.icir.org/mallman/pubs/SCRA13/). And, that
> > roughly agrees with both the openresolverproject.org numbers and another
> > (not public) study I know of. And, as if that isn't bad enough
> > ... there is a 2010 IMC paper that puts the number at 15M. I.e., the
> > instances of brokenness are getting worse---doubling in 3 years! UGH.
>
> One observation: The OpenResolverProject collects responses that come from
> ports that the query was not sent to (ie: device responds from UDP/12345 not
> from UDP/53, which obviously is broken and doesn't "work", but they actually
> return DNS payload which can be used for abuse).
>
> Some good news though:
>
> http://openresolverproject.org/breakdown-graph1.cgi

I see axes, legend but no data points. If I hover over various spots
on the graph I see data values pop up.

> Since the start of 2014 there seem to be new CPE devices out there that
> are resolving this issue. The linear nature of the line in the decrease
> doesn't seem to be something like "ISPs" started blocking udp/53 to
> customers, which would appear more like a step function.
>
> I'm aware of some other studies ongoing to fingerprint CPE and their
> behaviors/aggregated resolver dependencies. I expect to see some of that
> data presented at the upcoming DNS-OARC meeting in Warsaw.
>
> Getting everyone to update their firmware on devices would go a long way
> as well. Some vendors have no software QA on this front so add/remove
> the response on the WAN interface as their releases march forward.
>
> - Jared

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org
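
Added example, not part of the original message and not the Open Resolver Project's code: a sketch of how an audit of your own CPE's WAN side could label replies so that the off-port case described in the thread (answer sent from UDP/12345 instead of UDP/53) is counted rather than silently dropped. The function names, labels and sample packets are assumptions constructed for illustration.

```python
import struct
from collections import Counter

QR, RA, RCODE_MASK = 0x8000, 0x0080, 0x000F

def classify_reply(query_txid, probed_port, reply_src_port, payload):
    """Label one UDP reply received after sending an RD=1 query to probed_port."""
    if len(payload) < 12:                       # shorter than a DNS header
        return "not-dns"
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", payload[:12])
    if not flags & QR or txid != query_txid:    # not a response to our query
        return "not-dns"
    resolved = bool(flags & RA) and (flags & RCODE_MASK) == 0 and ancount > 0
    if not resolved:
        return "closed"                         # e.g. REFUSED, or no recursion
    # A stub resolver drops replies whose source port differs from the port
    # it queried, so a plain lookup test misses this case; the payload is
    # still a full recursive answer.
    return "open" if reply_src_port == probed_port else "open-off-port"

def header(txid, flags, ancount):
    """Constructed 12-byte DNS header (no body) used for the samples below."""
    return struct.pack("!6H", txid, flags, 1, ancount, 0, 0)

# Constructed samples: (txid sent, port probed, reply source port, payload)
SAMPLES = [
    (0x1234, 53, 53,    header(0x1234, 0x8180, 1)),  # QR|RD|RA, NOERROR
    (0x1234, 53, 12345, header(0x1234, 0x8180, 1)),  # same answer, wrong port
    (0x1234, 53, 53,    header(0x1234, 0x8105, 0)),  # REFUSED, RA clear
    (0x1234, 53, 53,    b"\x00\x01"),                # truncated junk
]

def summarize(samples):
    """Count replies per label across a capture."""
    return Counter(classify_reply(*s) for s in samples)

if __name__ == "__main__":
    for label, count in sorted(summarize(SAMPLES).items()):
        print(f"{label:14} {count}")
```

The capture feeding such a classifier has to accept replies from any source port on the probed address; filtering on source port 53 hides exactly the devices the thread is describing.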