On 4/16/13 12:58 PM, "Jared Mauch" <[email protected]> wrote:
>There is plenty of hope. I've seen the following actions taken: Agree. We at Comcast in the US are looking closely at this. We recently finished blocking SNMP for example (http://www.bitag.org/report-snmp-ddos-attacks.php), following similar amplification attacks using that protocol and abusing customer owned equipment that has SNMP on by default. However, mitigating tactics take time to plan & execute in large networks of course. >a) Hosting providers emailed customer base, said close your open resolver >or we shut your host >b) ISPs have implemented spoofing filters. NTT is one of them that has >cranked the filters up as a result (at least on static routed customers). >c) National CERTs have contacted the project and obtained lists of >hosts/machines in their control. >d) LARGE ISPs have contacted for lists of resolvers, including at least >one major provider in the US. >e) At least one ISP today emailed me about their former customers >freaking out when they were notified of upcoming DNS server changes which >might impact them (people restricting or closing open resolvers). > >I certainly understand the concerns here regarding mitigation and >outreach, but things are happening. > >My changes in measurement technique aren't helping accurately measure >this, but there should be some good data in the next few weeks as I've >made the last tweak. The good news is the # of folks returning REFUSED >keeps going up. Which is one reason it will be *really* interesting to see the numbers charted over time, so we can observe what the trends are. I'm sure a savvy researcher may even find enough interesting data to write a paper or two. ;-) Jason PS - This is a good project website and overall effort -- keep it up! > >- Jared _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
