
68,000 Open Recursive DNS Servers Behaving Maliciously; "This is a crime with few witnesses"

Reported today: "Researchers at Google Inc. and the Georgia Institute of Technology are studying a virtually undetectable form of attack that quietly controls where victims go on the Internet."

The Georgia Tech and Google researchers estimate that as many as 0.4%, or 68,000, open-recursive DNS servers are behaving maliciously, returning false answers to DNS queries. Unlike other DNS servers, open-recursive systems will answer all DNS lookup requests from any computer on the Internet, a feature that makes them particularly useful for hackers. They also estimate that another 2% of them provide questionable results.
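As an added illustration (not from the article or the researchers), the Python sketch below shows how an operator can tell from a DNS reply whether a nameserver they run offers recursion to an outside client: it sets the RD bit in the query and inspects the RA bit, RCODE and answer count in the response. The function names, the name example.com and the sample replies are constructed for the example, and no traffic is sent.

```python
import struct

RD = 0x0100  # "recursion desired" bit, set by the client in the query
RA = 0x0080  # "recursion available" bit, set by the server in the reply
QR = 0x8000  # marks a message as a response

def build_query(name, txid=0x1234):
    """Build a minimal DNS A/IN query with the RD bit set."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_response(query, response):
    """Classify a reply to a recursive query sent from outside the
    server's intended client networks."""
    if len(response) < 12:
        return "malformed"
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & QR:
        return "mismatch"               # not a reply to this query
    rcode = flags & 0x000F
    if rcode == 5:
        return "refused"                # server declines to serve this client
    if flags & RA and rcode == 0 and an > 0:
        return "open-recursive"         # resolved a name for an outsider
    if not flags & RA:
        return "recursion-not-offered"  # e.g. an authoritative-only server
    return "inconclusive"

def sample_response(query, flags, answers):
    """Constructed reply for offline use (not captured traffic)."""
    header = query[:2] + struct.pack("!HHHHH", flags, 1, answers, 0, 0)
    # One A record pointing at 192.0.2.10 (documentation address range).
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
    return header + query[12:] + rr * answers

if __name__ == "__main__":
    q = build_query("example.com")
    for label, flags, n in [("resolver", 0x8180, 1), ("refusing", 0x8105, 0),
                            ("auth-only", 0x8100, 0)]:
        print(label, "->", classify_response(q, sample_response(q, flags, n)))
```

This only establishes whether recursion is offered to outsiders; it says nothing about whether the answers returned are truthful.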


Read full story: PC World


Comments

Re: 68,000 Open Recursive DNS Servers Behaving Maliciously; "This is a crime with few witnesses" The Famous Brett Watson  –  Dec 11, 2007 4:55 PM PST

The attack discussed in the article involves the use of malware to modify the resolver settings on the (Windows-based) victim system so that it queries a malicious DNS server. This is a more advanced form of the old trick where the "hosts" file is modified directly, and not an attack on DNS infrastructure or protocols.

Re: 68,000 Open Recursive DNS Servers Behaving Maliciously; "This is a crime with few witnesses" David A. Ulevitch  –  Dec 12, 2007 7:38 AM PST

Yes, this is a poorly written report. I think the data is probably good, but it's obscured by inaccuracies in the write-up which I told the authors about before it was published. None of the significant errors I pointed out were corrected.

Open recursive nameservers continue to NOT be a problem in this domain and people running mis-configured nameservers is.  The fact that they are open may be related to the misconfiguration, but it is not a problem in and of itself.

We're open, but not susceptible to these attacks.
