Given the danger of these open resolvers, which has long been denounced
<http://www.bortzmeyer.org/fermer-les-recursifs-ouverts.html>
<http://www.rfc-editor.org/rfc/rfc5358.txt>, and was recently illustrated by
the attack against Spamhaus/Cloudflare, this work is an opportunity to go
hunting for open DNS resolvers on your network. Give your AS number to the
author and he will tell you which addresses on your network are dangerous.

---------------------------
FRnOG mailing list
http://www.frnog.org/
--- Begin Message ---
I've continued to update my dataset originally posted about two weeks ago.  
Please take a moment and review your CIDRs which may be running an open 
resolver.

I've exposed one additional bit in the user-interface that may be helpful.  
Some DNS servers will respond with RCODE=0 (OK) but not provide recursion.  
Nearly 90% of the servers in the database provide recursion.

Some raw stats are also available via the 'breakdown' link on the main site.

If you operate a DNS server, or have an internal group that does, please take a 
moment and review your networks.

If you email me in private from a corporate address for your ASN, I can give 
you access to a per-ASN report.

Due to a change in methodology, I have increased the number of servers observed 
from 27.2 million to 30.2 million hosts.

2013-04-07 results

30269218 servers responded to our udp/53 probe
731040 servers responded from a different IP than probed
25298074 gave the 'correct' answer to my A? for the DNS name queried.
13840790 responded from a source port other than udp/53
27145699 responses had recursion-available bit set.
2761869 returned REFUSED

In addition, please do continue to deploy BCP-38 to prevent spoofing wherever 
possible.  I know at $dayjob we have been auditing this and increased the 
number of customer interfaces that cannot spoof.

- Jared

--- End Message ---
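
An added example, not part of the forwarded message or of the survey's own tooling: a sketch of how a reply from a DNS server on your own network can be sorted into the categories listed in the 2013-04-07 results (RA bit, RCODE=0 without recursion, REFUSED, reply from a different IP or source port). The function names, verdict labels and sample replies are assumptions; it also assumes the query was sent from outside the server's intended client range for a name the server is not authoritative for.

```python
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid):
    """A? query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(response, qid, probed_ip, src_ip, src_port):
    """Classify one reply using only the 12-byte DNS header and its source."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != qid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    rcode, ra, aa = flags & 0x000F, bool(flags & 0x0080), bool(flags & 0x0400)
    if rcode == 5:
        verdict = "refused"
    elif rcode == 0 and aa:
        verdict = "authoritative answer"
    elif rcode == 0 and ra and ancount > 0:
        verdict = "open resolver"
    elif rcode == 0 and not ra:
        verdict = "rcode 0 without recursion"
    else:
        verdict = "inconclusive"
    return {"rcode": RCODES.get(rcode, str(rcode)), "recursion_available": ra,
            "answers": ancount, "different_ip": src_ip != probed_ip,
            "non_53_source_port": src_port != 53, "verdict": verdict}

def sample_reply(qid, flags, ancount):
    """Constructed header-only reply for the demonstration below."""
    return struct.pack("!HHHHHH", qid, flags, 1, ancount, 0, 0)

# Constructed samples (documentation addresses, not real measurements).
SAMPLES = [
    (sample_reply(7, 0x8180, 1), "192.0.2.10", "192.0.2.10", 53),
    (sample_reply(7, 0x8100, 0), "192.0.2.11", "192.0.2.11", 53),
    (sample_reply(7, 0x8105, 0), "192.0.2.12", "192.0.2.12", 53),
    (sample_reply(7, 0x8180, 1), "192.0.2.13", "198.51.100.7", 10053),
]

if __name__ == "__main__":
    print(build_query("example.com", 7).hex())
    for reply, probed, src, port in SAMPLES:
        print(probed, classify(reply, 7, probed, src, port))
```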
