[sdnog] Understanding the Origins of Anomalous Open DNS Resolvers

Frank Habicht geier at geier.ne.tz
Mon Mar 16 15:20:43 SAST 2015


On 3/16/2015 3:52 PM, Nishal Goburdhan wrote:
> On 16 Mar 2015, at 14:35, Frank Habicht <geier at geier.ne.tz> wrote:
>> After cleaning all that up, and after confirming that we have an
>> AUP that allows me to proactively scan (which I believe I should be
>> allowed, say weekly)... ... I think I would do that.
> this is key, right?  your customers connect to *your* network, so
> they agree to play by *your* rules. so make sure it's in the AUP.
> which they need to agree to, to get internet services.
> the key is, that this is scalable at edge-ISPs only. what frank is
> not saying, is that if you were a large NSP (network service
> provider) carrying lots of smaller ISPs, then this wouldn't work.

Even an NSP would have enterprise customers...
And if I know them and consider them to be doing harm (say open
resolvers with real big traffic), then I wouldn't exclude them from some
"attention" ...

>> But only for IPs belonging to our network (originated by our ASN), 
>> customers with own ASNs should take care of that themselves.
> so you don't consider a multi-homed customers to be a problem...or...
> ?
So: firstly the multihomed customers in AS 64512 multihoming 2 times to
my network are my problem ;-)

For other ASNs, if they have more enterprise character, then see above.
If they are service providers, then it's about the reputation of their
Though a good idea would be if "we all" could put some commercial
pressure on bad-reputation networks.
But then there are different layers involved, and things get difficult.


More information about the sdnog mailing list