There is no need to recant what is true. It remains true that it is
more difficult to find open recursors than to find authority servers.
It need not remain true, though, if you know of a better method. If you
have a method of finding open recursors that _is_ easier than I
described for authority servers, than you can refute my claim. I
suppose there _could_ be such a method, but I am unaware of any such
method, and you haven't identified one.
You've just wanted the 20000 recursors. The fact that you are not able
to find public DNS research is not my problem. I am not obligated to
help you find 20000 recursors, nor tell you where you can find such a
list.
The number of recursors found is irrelevant to the hardness of the
method of finding the recursors. Obtaining the recursors does not help
you dispute my claim that brute force is necessary to find recursors
that aren't also authority servers. It only provides you with a list of
open recursors. Your interest does not seem to be in the question of
the difficulty of finding recursors, but in obtaining the list already
found. I'm not going to help you with that.
The relevant question to the reflection attack is whether there is a
method of finding non-authority recursors that is easier than finding
authority servers. It could be the case that there is an easier method;
It could be that the researcher I noted used a harder method than
necessary. But to dispute the point, you need to identify the easier
method. There is no need to give you the list of recursors; and not
giving you the list of recursors doesn't disprove my point.
Further, from looking at google and blogs by Mr. Kaminsky and Mr.
Wessels, neither have proposed easier methods for finding recursors, or
anything about DNS beyond a blog entry. Indeed, I don't even have them
on my list of DNS researchers; I don't actually know who they are.
Wessels wrote a book on Squid and other unrelated work. Neither appears
to have done any research on DNS, though Kaminsky blogged about DNS
rebinding attacks.
--Dean
On Mon, 8 Oct 2007, John Kristoff wrote:
> dnsop,
>
> I tried to take it offlist with Dean Anderson, but I cannot seem to get
> very far. He has not recanted, corrected or otherwise provided any
> additional, verifiable evidence that would support this statement:
>
> 'At great effort, a DNS researcher has compiled a list of about 20000
> open recursors by brute force search of 3.7 billion IP addressses.'
>
> He did tell me:
>
> 'I think there are several people on the list who do know what
> researcher I'm talking about.'
>
> As many of you know, I've done this sort of work, have discovered many
> millions of resolvers and have presented the data in other forums. I
> don't need the list of 20,000 resolvers. :-) I am just interested in
> finding out what 'effort' and 'researcher' Dean Anderson is referring
> to.
>
> I know of of no such researcher or effort where his claim could possibly
> be legitimate. I know of Dan Kaminsky's work, Duane Wessels work and at
> least two other, mostly private efforts. None support his statement.
>
> I will surmise that Dean's claim is simply false unless evidence to the
> contrary arises. Thank you,
>
> John
>
> _______________________________________________
> DNSOP mailing list
> [email protected]
> https://www1.ietf.org/mailman/listinfo/dnsop
>
>
--
Av8 Internet Prepared to pay a premium for better service?
www.av8.net faster, more reliable, better service
617 344 9000
_______________________________________________
DNSOP mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dnsop
