On Thu, 18 Apr 2013, Graham Beneke wrote:
The number of times that DNSmasq is listed near the top is consistent
with some of the recent DoS incidents that I've seen on my network. It
seems that a number of CPE vendors have DNSmasq running without any kind
ACL.
What happened during the incidents
On 4/16/13 12:58 PM, "Jared Mauch" wrote:
>There is plenty of hope. I've seen the following actions taken:
Agree. We at Comcast in the US are looking closely at this. We recently
finished blocking SNMP for example
(http://www.bitag.org/report-snmp-ddos-attacks.php), following similar
amplificat
Hello Vernon,
On Apr 16, 2013, at 17:58 , Vernon Schryver wrote:
>> From: Jared Mauch
>
>> Check out the breakdown.html page ...
>
>2013-04-14 results
>
>34030764 servers responded to our udp/53 probe
>914175 servers responded from a different IP than probed
>27773382 gave th
Hi All
On 16/04/2013 14:21, Jared Mauch wrote:
> I took the latest 'Open Resolver' list and queried the hosts another time
> with a version.bind query.
>
> You can view the results here:
>
> http://openresolverproject.org/version.bind.report.txt
The number of times that DNSmasq is listed near
I'm going to automate some graphs 'soon'.
As I mentioned here and elsewhere, the methodology has been tweaked slightly in
the past few weeks and has exposed a few more than the last week.
The last change is happening on 4-21. I'm going to start showing more data,
but my time has been limited d
On 16 Apr 2013, at 15:39, Roy Arends wrote:
> Interesting list. I assume that some resolvers are actually happy to try and
> resolve version.bind chaos txt on your behalf, and so you might see the
> version.bind response from either the IANA roots or some alternative servers.
I've seen CPE pr
Jared,
I did a very similar tracking of number of open recursive DNS Servers for my
"pet wireless ISP".
We reduced the # of ORNs from ~ 260 to 7 in half a year.
So, these things are possible!
http://ormon.funkfeuer.at/
http://ormon.funkfeuer.at/stats.png
I have a feature request for openresolv
Vernon,
On Apr 16, 2013, at 11:58 AM, Vernon Schryver wrote:
>> From: Jared Mauch
>
>> Check out the breakdown.html page ...
>
>2013-04-14 results
>
>34030764 servers responded to our udp/53 probe
>914175 servers responded from a different IP than probed
>27773382 gave the '
On Tue, Apr 16, 2013 at 02:57:40PM +0200, abang wrote:
> > http://openresolverproject.org/version.bind.report.txt
>
> 31146 'PowerDNS Recursor 3.5 $Id: pdns_recursor.cc 3153 2013-04-09
> 15:09:32Z ahu $'
>
> Wow, yesterday released! (http://wiki.powerdns.com/trac/changeset/3156)
"Install in ha
> From: Jared Mauch
> Check out the breakdown.html page ...
2013-04-14 results
34030764 servers responded to our udp/53 probe
914175 servers responded from a different IP than probed
27773382 gave the 'correct' answer to my A? for the DNS name queried.
13721271 responded fr
Was this with RD bit set ?
In that case you will frequently get the "forward target" of the open
"resolver"
some times when you ask twice you get different answers :-)
Olafur
On Apr 16, 2013, at 8:21 AM, Jared Mauch wrote:
> Greetings,
>
> I took the latest 'Open Resolver' list an
On Apr 16, 2013, at 10:39 AM, Roy Arends wrote:
> On Apr 16, 2013, at 1:21 PM, Jared Mauch wrote:
>
>> Greetings,
>>
>> I took the latest 'Open Resolver' list and queried the hosts another time
>> with a version.bind query.
>>
>> You can view the results here:
>>
>> http://openresolverproj
On Apr 16, 2013, at 7:46 AM, Joe Abley wrote:
> Is there actually any resolver that will do a recursive lookup for a CH class
> query?
dnsmasq-1.17 and earlier forward VERSION.BIND queries. I believe it probably
just
ignores the class. It was fixed in 1.18 ca. Nov 2003.
DW
_
Joe Abley wrote:
> Is there actually any resolver that will do a recursive lookup for a CH class
> query?
>
> Where would they find a delegation? There are no CH class hints to use..
some dns protocol agents ignore the class field. so the roots would see
these queries, and answer them NXDOMAIN.
On Apr 16, 2013, at 3:46 PM, Joe Abley wrote:
>
> On 2013-04-16, at 10:39, Roy Arends wrote:
>
>> Interesting list. I assume that some resolvers are actually happy to try and
>> resolve version.bind chaos txt on your behalf, and so you might see the
>> version.bind response from either the I
On 2013-04-16, at 10:39, Roy Arends wrote:
> Interesting list. I assume that some resolvers are actually happy to try and
> resolve version.bind chaos txt on your behalf, and so you might see the
> version.bind response from either the IANA roots or some alternative servers.
Is there actually
On Apr 16, 2013, at 1:21 PM, Jared Mauch wrote:
> Greetings,
>
> I took the latest 'Open Resolver' list and queried the hosts another time
> with a version.bind query.
>
> You can view the results here:
>
> http://openresolverproject.org/version.bind.report.txt
Interesting list. I assume tha
On Tue, Apr 16, 2013 at 2:00 PM, Simon Munton
wrote:
> On 16/04/2013 13:37, Phil Regnauld wrote:
>>
>> skbroadband is interesting.
>
>
> Is that Sky B/B?
Nope = South Korea Broadband - http://www.skbroadband.com/eng/index.asp
>
> ___
> dns-opera
On 16/04/2013 13:37, Phil Regnauld wrote:
skbroadband is interesting.
Is that Sky B/B?
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://l
http://openresolverproject.org/version.bind.report.txt
31146 'PowerDNS Recursor 3.5 $Id: pdns_recursor.cc 3153 2013-04-09
15:09:32Z ahu $'
Wow, yesterday released! (http://wiki.powerdns.com/trac/changeset/3156)
___
dns-operations mailing list
dns-o
On Tue, Apr 16, 2013 at 08:43:33AM -0400,
Joe Abley wrote
a message of 13 lines which said:
> 'The name is Bind, James Bind'
Slightly better, in the same list, "My named is Bind, James Bind"
___
dns-operations mailing list
dns-operations@lists.dns-o
On 2013-04-16, at 08:37, Phil Regnauld wrote:
> My favorite: 2 ' COMMODORE 64 BASIC V2 '
'The name is Bind, James Bind'
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman
On 2013-04-16, at 08:37, Phil Regnauld wrote:
> Does an NS fingerprinting tool of sorts exist ?
https://github.com/kirei/fpdns
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-ope
Jared Mauch wrote:
>
> Greetings,
>
> I took the latest 'Open Resolver' list and queried the hosts another time
> with a version.bind query.
>
> You can view the results here:
>
> http://openresolverproject.org/version.bind.report.txt
My favorite: 2 ' COMMODORE 64 B
On Tue, Apr 16, 2013 at 08:21:14AM -0400,
Jared Mauch wrote
a message of 15 lines which said:
> You can view the results here:
>
> http://openresolverproject.org/version.bind.report.txt
'BIND 8.3.3'
If it's true, it's a collector's edition...
___
Greetings,
I took the latest 'Open Resolver' list and queried the hosts another time with
a version.bind query.
You can view the results here:
http://openresolverproject.org/version.bind.report.txt
- jared
___
dns-operations mailing list
dns-operatio
26 matches
Mail list logo
