The Infoblox survey was conducted by The Measurement Factory, which gets its data by scanning about 5 percent of the IP addresses on the Internet. The data will be posted here in the next few days.
According to Measurement Factory President Duane Wessels, DNS amplification attacks do occur, but they're not the most common form of DDoS attack. "Those of us that track these and are aware of it tend to be a little bit surprised that we don't see more attacks that use open resolvers," he said. "It's kind of a puzzle."
Wessels believes that the move toward the next-generation IPv6 standard may be inadvertently contributing to the problem. Some of the modems are configured to use DNS server software called Trick or Tread Daemon (TOTd) -- which converts addresses between IPv4 and IPv6 formats. Often this software is configured as an open resolver, Wessels said.