Hi,
I've been reading more about the DDOS attack on Spamhaus that's been affecting Internet traffic in Europe for the past few days. A key feature of the attack is its use of DNS amplification, eg open DNS recursors that amplify DNS queries and give an attacker access to orders of magnitude more bandwidth than they had access to before. There's more information here: http://blog.cloudflare.com/the-ddos-tha ... e-internet
Searching my /24 subblock on Sonic.net reveals seven open DNS recursors in this IP block, as found here: http://openresolverproject.org/search.c ... r=50.0.204
Is it possible to reach out to the maintainers of these and ask them to be closed, or only return responses to queries from Sonic IP's?
Best,
Kevin
I've been reading more about the DDOS attack on Spamhaus that's been affecting Internet traffic in Europe for the past few days. A key feature of the attack is its use of DNS amplification, eg open DNS recursors that amplify DNS queries and give an attacker access to orders of magnitude more bandwidth than they had access to before. There's more information here: http://blog.cloudflare.com/the-ddos-tha ... e-internet
Searching my /24 subblock on Sonic.net reveals seven open DNS recursors in this IP block, as found here: http://openresolverproject.org/search.c ... r=50.0.204
Is it possible to reach out to the maintainers of these and ask them to be closed, or only return responses to queries from Sonic IP's?
Best,
Kevin