Home / News

68,000 Open Recursive DNS Servers Behaving Maliciously; "This is a crime with few witnesses"

Reported today: "Researchers at Google Inc. and the Georgia Institute of Technology are studying a virtually undetectable form of attack that quietly controls where victims go on the Internet."

The Georgia Tech and Google researchers estimate that as many as 0.4%, or 68,000, open-recursive DNS servers are behaving maliciously, returning false answers to DNS queries. Unlike other DNS servers, open-recursive systems will answer all DNS lookup requests from any computer on the Internet, a feature that makes them particularly useful for hackers. They also estimate that another 2% of them provide questionable results.

Read full story: PC World

Related topics: Cyberattack, Cybercrime, DNS, Security

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

Re: 68,000 Open Recursive DNS Servers Behaving Maliciously; "This is a crime with few witnesses" The Famous Brett Watson  –  Dec 11, 2007 4:55 PM PST

The attack discussed in the article involves the use of malware to modify the resolver settings on the (Windows-based) victim system so that it queries a malicious DNS server. This is a more advanced form of the old trick where the "hosts" file is modified directly, and not an attack on DNS infrastructure or protocols.

Re: 68,000 Open Recursive DNS Servers Behaving Maliciously; "This is a crime with few witnesses" David A. Ulevitch  –  Dec 12, 2007 7:38 AM PST

Yes, this is a poorly written report.  I think the data is probably good, but it's obscured by inaccuracies in the write-up which I told the authors about before it published.  None of the significant errors I pointed out were corrected.

Open recursive nameservers continue to NOT be a problem in this domain and people running mis-configured nameservers is.  The fact that they are open may be related to the misconfiguration, but it is not a problem in and of itself.

We're open, but not susceptible to these attacks.

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

Join Paul Vixie & Robert Edmonds at the Upcoming Distinguished Speaker Series

Q3 2014 DDoS Trends: Attacks Exceeding 10 Gbps on the Rise

LogicBoxes Announces Automation Solutions for ccTLD

3 Questions to Ask Your DNS Host About DDoS

Introducing Our Special Edition Managed DNS Service for Top-Level Domain Operators

Afilias Partners With Internet Society to Sponsor Deploy360 ION Conference Series Through 2016

Neustar to Build Multiple Tbps DDoS Mitigation Platform

The Latest Internet Plague: Random Subdomain Attacks

Digging Deep Into DNS Data Discloses Damaging Domains

New gTLDs and Best Practices for Domain Management Policies (Video)

Nominum Announces Future Ready DNS

New from Verisign Labs - Measuring Privacy Disclosures in URL Query Strings

Video Interviews from ICANN 50 in London

DotConnectAfrica Delegates Attend the Kenya Internet Governance Forum

3 Questions to Ask Your DNS Host about Lowering DDoS Risks

Continuing to Work in the Public Interest

Verisign Named to the OTA's 2014 Online Trust Honor Roll

4 Minutes Vs. 4 Hours: A Responder Explains Emergency DDoS Mitigation

Dyn Acquires Internet Intelligence Company, Renesys

Tips to Address New FFIEC DDoS Requirements

Sponsored Topics

Minds + Machines

Top-Level Domains

Sponsored by
Minds + Machines
Afilias

DNS Security

Sponsored by
Afilias
dotMobi

Mobile

Sponsored by
dotMobi
Verisign

Security

Sponsored by
Verisign