[sdnog] Understanding the Origins of Anomalous Open DNS Resolvers
Nishal Goburdhan
nishal at controlfreak.co.za
Tue Mar 17 09:03:18 SAST 2015
On 16 Mar 2015, at 15:20, Frank Habicht <geier at geier.ne.tz> wrote:
> Even an NSP would have enterprise customers...
> And if I know them and consider them to be doing harm (say open
> resolvers with real big traffic), then I wouldn't exclude them from some
> "attention" ...
fair enough. this still counts as a network "edge" though.
> So: firstly the multihomed customers in AS 64512 multihoming 2 times to
> my network are my problem ;-)
perhaps i should have said "dual-homed" ...
> For other ASNs, if they have more enterprise character, then see above.
> If they are service providers, then it's about the reputation of their
> network.
thanks. this answered my question.
> Though a good idea would be if "we all" could put some commercial
> pressure on bad-reputation networks.
> But then there are different layers involved, and things get difficult.
> ;-)
before putting pressure on others, i would first suggest cleaning house first.
there are a variety of things that - as an ISP - you could do internally, including, but not limited to:
* ingress filtering (aka BCP38 / RFC3704 filtering)
* remote triggered black hole
* AS112 to assist with unwanted DNS queries
... etc.
perhaps there's place for a network housekeeping tools BOF at the next event?
--n.
More information about the sdnog
mailing list