[sdnog] Understanding the Origins of Anomalous Open DNS Resolvers

Nishal Goburdhan nishal at controlfreak.co.za
Mon Mar 16 14:52:45 SAST 2015

On 16 Mar 2015, at 14:35, Frank Habicht <geier at geier.ne.tz> wrote:
> Hi,
> On 3/8/2015 2:32 PM, Nishal Goburdhan wrote:
>> one ISP that i know in ZA, actively scans its consumer base,
>> including some of its colocation environments as a way to
>> pre-emptively warn their users of issues.  of course this doesn't
>> pickup everything, but according to the guy that does it, it does
>> help them (he might be slightly biased, as it's technically his job
>> on the line here ... ;-)) 
> I'd like to comment on this - though a bit late.

better late than never  :-)

> I'm generally in agreement with this practice.


> After cleaning all that up,
> and after confirming that we have an AUP that allows me to proactively
> scan (which I believe I should be allowed, say weekly)...
> ... I think I would do that.

this is key, right?  your customers connect to *your* network, so they agree to play by *your* rules.
so make sure it's in the AUP.  which they need to agree to, to get internet services.

the key is, that this is scalable at edge-ISPs only.   
what frank is not saying, is that if you were a large NSP (network service provider) carrying lots of smaller ISPs, then this wouldn't work.  

> But only for IPs belonging to our network (originated by our ASN),
> customers with own ASNs should take care of that themselves.

so you don't consider a multi-homed customers to be a problem...or... ?


More information about the sdnog mailing list