Home / news

68,000 Open Recursive DNS Servers Behaving Maliciously; “This is a crime with few witnesses”

Dec 11, 2007 9:51 AM PST | Comments: 2
Print
By CircleID Reporter

Reported today: “Researchers at Google Inc. and the Georgia Institute of Technology are studying a virtually undetectable form of attack that quietly controls where victims go on the Internet.”

The Georgia Tech and Google researchers estimate that as many as 0.4%, or 68,000, open-recursive DNS servers are behaving maliciously, returning false answers to DNS queries. Unlike other DNS servers, open-recursive systems will answer all DNS lookup requests from any computer on the Internet, a feature that makes them particularly useful for hackers. They also estimate that another 2% of them provide questionable results.

Read Full Story at PC World

Source Credit: This has been a featured post from CircleID Reporter. To learn more, visit this participant's full profile page.

More Under: Cyberattack, DNS, Security

Stay Updated: To receive weekly email updates from CircleID sign up here or see the list of RSS feeds and mobile version of this site.

Print

Comments

#1 | By The Famous Brett Watson | Dec 11, 07 @04:55 pm PST

The attack discussed in the article involves the use of malware to modify the resolver settings on the (Windows-based) victim system so that it queries a malicious DNS server. This is a more advanced form of the old trick where the “hosts” file is modified directly, and not an attack on DNS infrastructure or protocols.

Reply | Top ^
#2 | By David A. Ulevitch | Dec 12, 07 @07:38 am PST

Yes, this is a poorly written report.  I think the data is probably good, but it’s obscured by inaccuracies in the write-up which I told the authors about before it published.  None of the significant errors I pointed out were corrected.

Open recursive nameservers continue to NOT be a problem in this domain and people running mis-configured nameservers is.  The fact that they are open may be related to the misconfiguration, but it is not a problem in and of itself.

We’re open, but not susceptible to these attacks.

Reply | Top ^
Login or Sign Up to add your comments here, get access to CircleID Directory, browse the most popular posts, and more.

Start Your AdAds

Sponsored LinksMarketplace

Industry Updates

May 15, 2008 11:28 AM PST

Overstock.com Chooses NeuStar’s UltraDNS for Managed DNS Service

NeuStar, Inc. has announced that Overstock.com, a popular online closeout retailer, has chosen NeuStar's UltraDNS Managed DNS Service to provide Overstock.com with a global DNS infrastructure that significantly enhances end-user experience and operational security -- and protects revenue in the highly competitive online retail market. ›››

By NeuStar | Views: 67

May 14, 2008 11:37 AM PST

Inside Your Domain Portfolio

We've seen a lot of changes in the domain industry over the last year, some positive, some challenging. Whether you're an old pro or just beginning, this spring is a great time to take inventory and make sure your domain business is on the right track for success this year and beyond. ›››

By Sedo | Views: 110

May 14, 2008 11:32 AM PST

Sedo at Domain Roundtable 2008, San Francisco

Domain Roundtable 2008 was an all-around successful event for Sedo. The conference was attended by the domain industry's best and brightest and the Sedo team was right there in the thick of it. ›››

By Sedo | Views: 100

May 14, 2008 11:27 AM PST

Sedo’s New Brokerage Application

Have you ever wanted to buy or sell a domain or a portfolio of domains but just didn't have the time to market it, manage and negotiate the best possible price? You can now request this premium service and work with an experienced Sedo domain broker. ›››

By Sedo | Views: 135

May 13, 2008 3:00 PM PST

ICANN Unanimously Approves RegistryPro Proposal to Expand the .Pro TLD

RegistryPro, the exclusive operator of the .Pro top level domain (TLD), has received approval from ICANN to greatly expand the scope and availability of the .Pro TLD. The newly ratified terms of service increases the number of professionals who are eligible for the TLD, extends the availability globally, and streamlines the registration process. ›››

By Hostway | Views: 247

May 06, 2008 10:16 AM PST

Oversee.net’s DomainSponsor Presents 3rd Annual DOMAINfest Global

The third annual DOMAINfest Global, the premier conference and networking event for the domain name industry, will be held at the Renaissance Hollywood Hotel in Hollywood, California from January 28-30, 2009. Event registration will open later this year. ›››

By DomainSponsor | Views: 464

May 02, 2008 10:21 AM PST

.NL Auction Sneak Peak!

Join Sedo for our much anticipated .NL auction, being held from May 2nd 4pm (EST) until May 9th at approximately 4pm (EST). As the worth of the .NL continues to increase, so does the demand. ›››

By Sedo | Views: 551

Apr 30, 2008 10:01 AM PST

dotMobi Requests Proposals for find.mobi

dotMobi today announced that is accepting proposals for find.mobi, a consumer-facing mobile search tool; find.mobi was created by dotMobi's research and development team to demonstrate an operational mobile search engine that made the most of the mobile web and needs of on-the-go users. ›››

By dotMobi | Views: 755

Apr 28, 2008 2:08 PM PST

dotMobi Offers Prime Selection of Generic Domain Names to Spur Mobile Web Growth

As part of its ongoing series of unique methods of allocating Internet domain names, dotMobi is bringing 16 "premium names" to market at Moniker's T.R.A.F.F.I.C. East Auction on May 23, 2008. ›››

By dotMobi | Views: 984

Apr 28, 2008 11:41 AM PST

Sedo’s Better-than-Ever Brokerage Service!

Sedo's brokerage services are being updated with a new process for submitting both buyer and seller side brokerage requests and enhanced communications tools.  ›››

By Sedo | Views: 827

Start Your AdAds