short-paper

Investigating DNS Manipulation by Open DNS Resolvers

Authors:

CoNEXT '19 Companion: Proceedings of the 15th International Conference on emerging Networking EXperiments and Technologies

Pages 45 - 46

https://doi.org/10.1145/3360468.3368172

Published: 09 December 2019 Publication History

Get Access

Abstract

Open DNS resolvers are resolvers that perform recursive resolution on behalf of any user. They can be exploited by adversaries because they are open to the public and require no authorization to use. Therefore, it is important to understand the state of open resolvers to gauge their potentially negative impact on the security and stability of the Internet. In this study, we conducted a comprehensive probing over the entire IPv4 address space and found that more than 3 million open resolvers still exist in the wild. More importantly, we found that many open resolvers answer queries with the incorrect, even malicious, responses. Contrasting to results obtained in 2013, we found that the number of open resolvers has decreased significantly, while the number of open resolvers providing malicious responses has increased.

References

[1]

Manos Antonakakis, David Dagon, Xiapu Luo, Roberto Perdisci, Wenke Lee, and Justin Bellmor. 2010. A Centralized Monitoring Infrastructure for Improving DNS Security. In Proc. of the RAID.

Crossref

Google Scholar

[2]

CloudFlare. 2013. The DDoS That Knocked Spamhaus Offline (And How We Mitigated It). http://blog.cloudflare.com/the-ddos-that-knocked-spamhaus-offline-and-ho.

Google Scholar

[3]

David Dagon, Niels Provos, Christopher P. Lee, and Wenke Lee. 2008. Corrupted DNS Resolution Paths: The Rise of a Malicious Resolution Authority. In Proc. of the NDSS.

Google Scholar

[4]

Marc Kührer, Thomas Hupperich, Christian Rossow, and Thorsten Holz. 2014. Exit from Hell? Reducing the Impact of Amplification DDoS Attacks. In Proc. of the USENIX Security.

Google Scholar

[5]

Aziz Mohaisen and Kui Ren. 2017. Leakage of. onion at the DNS Root: Measurements, Causes, and Countermeasures. IEEE/ACM Transactions on Networking 25, 5 (2017), 3059--3072.

Digital Library

Google Scholar

Recommendations

Comparing DNS resolvers in the wild
IMC '10: Proceedings of the 10th ACM SIGCOMM conference on Internet measurement

The Domain Name System (DNS) is a fundamental building block of the Internet. Today, the performance of more and more applications depend not only on the responsiveness of DNS, but also the exact answer returned by the queried DNS resolver, e.g., for ...
Swamp of Reflectors: Investigating the Ecosystem of Open DNS Resolvers
Passive and Active Measurement
Abstract
DNS reflection-based DDoS attacks rely on open DNS resolvers to reflect and amplify attack traffic towards victims. While the majority of these resolvers are considered to be open because of misconfiguration, there remains a lot to be learned ...
Pollution resilience for DNS resolvers
ICC'09: Proceedings of the 2009 IEEE international conference on Communications

The DNS is a cornerstone of the Internet. Unfortunately, no matter how securely an organization provisions and guards its own DNS infrastructure, it is at the mercy of others' provisioning when it comes to resolutions its resolvers perform on behalf of ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

CoNEXT '19 Companion: Proceedings of the 15th International Conference on emerging Networking EXperiments and Technologies

December 2019

93 pages

ISBN:9781450370066

DOI:10.1145/3360468

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 09 December 2019

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Short-paper
Research
Refereed limited

Funding Sources

National Research Foundation

Conference

CoNEXT '19

Sponsor:

SIGCOMM

CoNEXT '19: The 15th International Conference on emerging Networking EXperiments and Technologies

December 9 - 12, 2019

FL, Orlando, USA

Acceptance Rates

CoNEXT '19 Companion Paper Acceptance Rate 34 of 52 submissions, 65%;

Overall Acceptance Rate 198 of 789 submissions, 25%

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

0
Total Citations
161
Total Downloads

Downloads (Last 12 months)10
Downloads (Last 6 weeks)2

Reflects downloads up to 03 Jan 2025

Other Metrics

View Author Metrics

Citations

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Recommendations

Comparing DNS resolvers in the wild

Swamp of Reflectors: Investigating the Ecosystem of Open DNS Resolvers

Pollution resilience for DNS resolvers