[sdnog] Understanding the Origins of Anomalous Open DNS Resolvers
Nishal Goburdhan
nishal at controlfreak.co.za
Mon Mar 16 14:52:45 SAST 2015
On 16 Mar 2015, at 14:35, Frank Habicht <geier at geier.ne.tz> wrote:
>
> Hi,
>
> On 3/8/2015 2:32 PM, Nishal Goburdhan wrote:
>> one ISP that i know in ZA, actively scans its consumer base,
>> including some of its colocation environments as a way to
>> pre-emptively warn their users of issues. of course this doesn't
>> pickup everything, but according to the guy that does it, it does
>> help them (he might be slightly biased, as it's technically his job
>> on the line here ... ;-))
>
> I'd like to comment on this - though a bit late.
better late than never :-)
> I'm generally in agreement with this practice.
:-)
> After cleaning all that up,
> and after confirming that we have an AUP that allows me to proactively
> scan (which I believe I should be allowed, say weekly)...
> ... I think I would do that.
this is key, right? your customers connect to *your* network, so they agree to play by *your* rules.
so make sure it's in the AUP. which they need to agree to, to get internet services.
the key is, that this is scalable at edge-ISPs only.
what frank is not saying, is that if you were a large NSP (network service provider) carrying lots of smaller ISPs, then this wouldn't work.
> But only for IPs belonging to our network (originated by our ASN),
> customers with own ASNs should take care of that themselves.
so you don't consider a multi-homed customers to be a problem...or... ?
--n.
More information about the sdnog
mailing list