Home / News

68,000 Open Recursive DNS Servers Behaving Maliciously; "This is a crime with few witnesses"

Reported today: "Researchers at Google Inc. and the Georgia Institute of Technology are studying a virtually undetectable form of attack that quietly controls where victims go on the Internet."

The Georgia Tech and Google researchers estimate that as many as 0.4%, or 68,000, open-recursive DNS servers are behaving maliciously, returning false answers to DNS queries. Unlike other DNS servers, open-recursive systems will answer all DNS lookup requests from any computer on the Internet, a feature that makes them particularly useful for hackers. They also estimate that another 2% of them provide questionable results.

Read full story: PC World

Related topics: Cyberattack, Cybercrime, DNS, Security

 
   
WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

Re: 68,000 Open Recursive DNS Servers Behaving Maliciously; "This is a crime with few witnesses" The Famous Brett Watson  –  Dec 11, 2007 5:55 PM PDT

The attack discussed in the article involves the use of malware to modify the resolver settings on the (Windows-based) victim system so that it queries a malicious DNS server. This is a more advanced form of the old trick where the "hosts" file is modified directly, and not an attack on DNS infrastructure or protocols.

Re: 68,000 Open Recursive DNS Servers Behaving Maliciously; "This is a crime with few witnesses" David A. Ulevitch  –  Dec 12, 2007 8:38 AM PDT

Yes, this is a poorly written report.  I think the data is probably good, but it's obscured by inaccuracies in the write-up which I told the authors about before it published.  None of the significant errors I pointed out were corrected.

Open recursive nameservers continue to NOT be a problem in this domain and people running mis-configured nameservers is.  The fact that they are open may be related to the misconfiguration, but it is not a problem in and of itself.

We're open, but not susceptible to these attacks.

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Industry Updates – Sponsored Posts

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Radix Adds Dyn as a DNS Service Provider

Facilitating a Trusted Web Space for Financial Service Professionals

MarkMonitor Partners with CYREN to Deepen Visibility into Global Phishing Attacks

Verisign Named to the Online Trust Alliance's 2016 Honor Roll

Dyn Partners with the Internet Systems Consortium to Host Global F-Root Nameservers

Verisign Q1 2016 DDoS Trends: Attack Activity Increases 111 Percent Year Over Year

Is Your TLD Threat Mitigation Strategy up to Scratch?

Domain Management Handbook from MarkMonitor

i2Coalition to Host First Ever Smarter Internet Forum

Encrypting Inbound and Outbound Email Connections with PowerMTA

Resilient Cybersecurity: Dealing with On-Premise, Cloud-Based and Hybrid Security Complexities

What Holds Firms Back from Choosing Cloud-Based External DNS?

Verisign Releases Q4 2015 DDoS Trends - DDoS Attack Activity Increasing by 85% Year Over Year

Best Practices from Verizon - Proactively Mitigating Emerging Fraudulent Activities

Neustar Data Identifies Most Popular Times of Year for DDoS Attacks in 2015

The Framework for Resilient Cybersecurity (Webinar)

2015 Trends: Multi-channel, Streaming Media and the Growth of Fraud

Data Volumes and Network Stress to Be Top IoT Concerns

DKIM for ESPs: The Struggle of Living Up to the Ideal

Sponsored Topics

Port25

Email

Sponsored by
Port25
Afilias - Mobile & Web Services

Mobile

Sponsored by
Afilias - Mobile & Web Services
Verisign

Security

Sponsored by
Verisign
Afilias

DNS Security

Sponsored by
Afilias