Reported today: "Researchers at Google Inc. and the Georgia Institute of Technology are studying a virtually undetectable form of attack that quietly controls where victims go on the Internet."
The Georgia Tech and Google researchers estimate that as many as 0.4%, or 68,000, open-recursive DNS servers are behaving maliciously, returning false answers to DNS queries. Unlike other DNS servers, open-recursive systems will answer all DNS lookup requests from any computer on the Internet, a feature that makes them particularly useful for hackers. They also estimate that another 2% of them provide questionable results.
Read Full Story: PC World
Comments
The attack discussed in the article involves the use of malware to modify the resolver settings on the (Windows-based) victim system so that it queries a malicious DNS server. This is a more advanced form of the old trick where the "hosts" file is modified directly, and not an attack on DNS infrastructure or protocols.
Yes, this is a poorly written report. I think the data is probably good, but it's obscured by inaccuracies in the write-up which I told the authors about before it published. None of the significant errors I pointed out were corrected.
Open recursive nameservers continue to NOT be a problem in this domain and people running mis-configured nameservers is. The fact that they are open may be related to the misconfiguration, but it is not a problem in and of itself.
We're open, but not susceptible to these attacks.
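
Added example, not from the article or from any commenter: the first comment describes malware changing a Windows host's resolver settings, and one defensive check is to audit the DNS servers each adapter is actually configured with. The sketch below parses `ipconfig /all` text and flags resolvers outside an approved range; the approved network and the sample output are constructed assumptions.

```python
import ipaddress
import re

# Assumption: the resolvers this organisation hands out (constructed value).
APPROVED = [ipaddress.ip_network("10.0.0.0/24")]

# Constructed sample of `ipconfig /all` output. 203.0.113.66 is a documentation
# address standing in for a resolver written into the adapter settings by malware.
SAMPLE = """\
Ethernet adapter Ethernet0:

   IPv4 Address. . . . . . . . . . . : 10.0.5.23(Preferred)
   DNS Servers . . . . . . . . . . . : 10.0.0.53
                                       10.0.0.54
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   IPv4 Address. . . . . . . . . . . : 192.168.1.20(Preferred)
   DNS Servers . . . . . . . . . . . : 203.0.113.66
                                       10.0.0.53
"""

def dns_servers(ipconfig_text):
    """Return {adapter: [ip, ...]}, following multi-line 'DNS Servers' fields."""
    servers, adapter, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            adapter, in_dns = line.rstrip()[:-1], False   # adapter header line
            continue
        m = re.match(r"\s+DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            value, in_dns = m.group(1), True
        elif in_dns and line.strip() and " : " not in line:
            value = line.strip()                          # further server on its own line
        else:
            in_dns = False
            continue
        try:
            ip = ipaddress.ip_address(value.split("%")[0])  # drop IPv6 zone id
        except ValueError:
            continue
        servers.setdefault(adapter, []).append(ip)
    return servers

def unapproved(ipconfig_text, approved=APPROVED):
    """List (adapter, resolver) pairs that fall outside every approved network."""
    return [(a, str(ip)) for a, ips in dns_servers(ipconfig_text).items()
            for ip in ips if not any(ip in net for net in approved)]
```

On the sample, only the Wi-Fi adapter's first resolver is reported, because it is the one address outside the approved range.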