Home / News

68,000 Open Recursive DNS Servers Behaving Maliciously; "This is a crime with few witnesses"

  • Dec 11, 2007 9:51 AM PDT
  • Comments: 2
  • Views: 11,996
Print Comment
PC World

Reported today: "Researchers at Google Inc. and the Georgia Institute of Technology are studying a virtually undetectable form of attack that quietly controls where victims go on the Internet."

The Georgia Tech and Google researchers estimate that as many as 0.4%, or 68,000, open-recursive DNS servers are behaving maliciously, returning false answers to DNS queries. Unlike other DNS servers, open-recursive systems will answer all DNS lookup requests from any computer on the Internet, a feature that makes them particularly useful for hackers. They also estimate that another 2% of them provide questionable results.

Read full story: PC World

Related topics: Cyberattack, Cybercrime, DNS, Security

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:
Print Comment

Comments

Re: 68,000 Open Recursive DNS Servers Behaving Maliciously; "This is a crime with few witnesses" The Famous Brett Watson  –  Dec 11, 2007 5:55 PM PDT

The attack discussed in the article involves the use of malware to modify the resolver settings on the (Windows-based) victim system so that it queries a malicious DNS server. This is a more advanced form of the old trick where the "hosts" file is modified directly, and not an attack on DNS infrastructure or protocols.

# 1 Reply  |  Link  |  Report Problems
Re: 68,000 Open Recursive DNS Servers Behaving Maliciously; "This is a crime with few witnesses" David A. Ulevitch  –  Dec 12, 2007 8:38 AM PDT

Yes, this is a poorly written report.  I think the data is probably good, but it's obscured by inaccuracies in the write-up which I told the authors about before it published.  None of the significant errors I pointed out were corrected.

Open recursive nameservers continue to NOT be a problem in this domain and people running mis-configured nameservers is.  The fact that they are open may be related to the misconfiguration, but it is not a problem in and of itself.

We're open, but not susceptible to these attacks.

# 2 Reply  |  Link  |  Report Problems

To post comments, please login or create an account.

Related Blogs

Provoking National Boundaries on the Internet? A chilling thought…

  • Jun 18, 2013
  • Comments: 1

Intelligence Exchange in a Free Market Economy

  • Jun 11, 2013
  • Comments: 4

BIND 9 Users Should Upgrade to Most Recent Version to Avoid Remote Exploit

  • Jun 06, 2013
  • Comments: 0

The Rise of Cyrillic Domain Names

  • Jun 03, 2013
  • Comments: 0

Multi-Layer Security Architecture - Importance of DNS Firewalls

  • May 30, 2013
  • Comments: 0
View More

Related News

UNESCO Director-General on Linguistic Diversity on the Internet: Main Challenges Are Technical

  • Jun 07, 2013
  • Comments: 0

Arrest Made in Connection to Spamhaus DDoS Case

  • Apr 29, 2013
  • Comments: 0

Massive Spam and Malware Campaign Following Boston Tragedy

  • Apr 17, 2013
  • Comments: 0

China and the United States Agree on Forming Joint Cybersecurity Working Group

  • Apr 15, 2013
  • Comments: 0

U.S. CERT Issues Alert on DNS Amplification Attacks

  • Mar 31, 2013
  • Comments: 0
View More

Topics

Access ProvidersLaw
BroadbandMalware
CensorshipMobile
Cloud ComputingMultilinguism
CyberattackNet Neutrality
CybercrimeP2P
CybersquattingPolicy & Regulation
Data CenterPrivacy
DNSRegional Registries
DNS SecurityRegistry Services
Domain NamesSecurity
EmailSpam
EnumTelecom
ICANNTop-Level Domains
Internet GovernanceVoIP
Internet ProtocolWeb
IP AddressingWhite Space
IPTVWhois
IPv6Wireless
View More

Industry Updates – Sponsored Posts

Neustar Launches Global Partner Program

MarkMonitor Named a Top Trusted Website in OTA's 2013 Online Trust Honor Roll

Neustar Chief Technology Officer Appointed to FCC's Technological Advisory Council

Dyn to Host Geek Summer Camp for Internet Infrastructure, Web Performance Industry

  • By Dyn
  • Views: 688

A Look at Traffic Management for External "Cloud" Load Balancing

  • By Dyn
  • Views: 1,592

Dyn Acquires Mobile Dashboard App Trendslide

  • By Dyn
  • Views: 2,504

Dyn Research: Where Do Companies Host Their Websites?

  • By Dyn
  • Views: 1,397

Hope is Not a Strategy: Neustar Releases 2012 Annual DDoS Attack and Impact Survey

Dyn Adds Tech Company Leader Michael Boustridge To Board of Directors

  • By Dyn
  • Views: 1,575

How Neustar Technology Can Help Mitigate DDoS Attacks

CentralNic Powers First New Top-Level Domains Announced by ICANN

DCA Registry Services Participates in ICANN Africa Strategy Meeting, Addis Ababa

Reducing the Risks of BYOD with Nominum's Security Solution

Neustar Launches Enterprise Professional Services Offerings

Dyn Adds Claudia Santoro, Dave Connors and Andrew Sullivan to Technical Team

  • By Dyn
  • Views: 2,462

Dyn Acquires Website Monitoring Startup Verelo

  • By Dyn
  • Views: 2,337

Why Website Downtime Is Amateur Hour

  • By Dyn
  • Views: 2,597

Nominum Releases New Security Intelligence Application

Mitigating DDoS Attacks: A Global Challenge

  • By PIR
  • Views: 3,644

Our New Initiatives To Combat Botnets

  • By PIR
  • Views: 4,274
View More

Sponsored Topics

Neustar

DNS

Sponsored by
Neustar
Minds + Machines

Top-Level Domains

Sponsored by
Minds + Machines
dotMobi

Mobile

Sponsored by
dotMobi
Afilias

DNS Security

Sponsored by
Afilias
View All Topics