The Open Resolver Project reports that they have identified as many as 32 million open DNS resolvers worldwide, with 28 million of those servers posing “a significant threat” to Internet users’ security.
“Open Resolvers pose a significant threat to the global network infrastructure by answering recursive queries for hosts outside of its domain. They are utilized in DNS Amplification attacks and pose a similar threat as those from Smurf attacks commonly seen in the late 1990s,” the project noted.
A Domain Name System (DNS) amplification attack is a common form of distributed denial of service (DDoS) attack that leverages open DNS servers to overwhelm a victim system with DNS response traffic, according to US-CERT.
“The primary technique consists of an attacker sending a DNS name lookup request to an open DNS server with the source address spoofed to be the target’s address. When the DNS server sends the DNS record response, it is sent instead to the target. Attackers will typically submit a request for as much zone information as possible to maximize the amplification effect,” US-CERT explains.
When combined with a botnet, attackers can generate “an immense amount of traffic with little effort,” and it is difficult to block the attacks because “the responses are legitimate data coming from valid servers.”
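The two properties described above, a resolver answering recursive queries for clients outside its own network and responses that are far larger than the queries that triggered them, can be checked from a resolver's own query log. The following script is an added illustration written for this article, not code from the Open Resolver Project, JPCERT/CC or US-CERT. The log format, the local prefixes and the sample lines are all constructed assumptions; a real deployment would feed it lines from its own resolver's query/response logging.

```python
"""
Offline open-resolver check over constructed resolver log lines.

Each constructed line has the shape (an assumption for this example):
  <client_ip> <qname> <qtype> <flags> <query_bytes> <response_bytes>
where flags contains "RD" when the client asked for recursion and
"RA" when the server actually performed recursion for that client.
"""
import ipaddress

# Prefixes this resolver is meant to serve (assumed values, RFC 5737/3849
# documentation ranges). Recursion granted to any other client is the
# behaviour the Open Resolver Project describes.
LOCAL_PREFIXES = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("2001:db8::/32"),
]

# Constructed sample log, not captured from any real server.
SAMPLE_LOG = """\
192.0.2.10   example.com A   RD,RA 45 61
198.51.100.7 example.net ANY RD,RA 52 3100
203.0.113.9  example.org TXT RD,RA 48 1500
192.0.2.11   example.org TXT RD,RA 48 1500
198.51.100.8 example.com A   RD    45 45
"""


def parse_line(line):
    """Split one log line into a record with typed fields."""
    client, qname, qtype, flags, qbytes, rbytes = line.split()
    return {
        "client": ipaddress.ip_address(client),
        "qname": qname,
        "qtype": qtype,
        "flags": set(flags.split(",")),
        "query_bytes": int(qbytes),
        "response_bytes": int(rbytes),
    }


def is_local(addr):
    """True when the client address falls inside a served prefix."""
    # 'in' returns False when address and network families differ.
    return any(addr in net for net in LOCAL_PREFIXES)


def recursive_answers_from_outside(log_text):
    """Records where recursion was requested (RD) and granted (RA) to a
    client outside LOCAL_PREFIXES: the signature of an open resolver."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if not is_local(rec["client"]) and {"RD", "RA"} <= rec["flags"]:
            hits.append(rec)
    return hits


def amplification_factor(rec):
    """Bytes sent to the (possibly spoofed) source per byte received."""
    return rec["response_bytes"] / rec["query_bytes"]


def summarize(log_text):
    """Verdict for the whole log: is recursion open, and how much
    amplification an external client obtained in the worst case."""
    hits = recursive_answers_from_outside(log_text)
    worst = max((amplification_factor(r) for r in hits), default=0.0)
    return {
        "open": bool(hits),
        "external_recursive_answers": len(hits),
        "max_amplification": worst,
    }


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print(result)
    for rec in recursive_answers_from_outside(SAMPLE_LOG):
        print(f"{rec['client']} {rec['qtype']} {rec['qname']} "
              f"x{amplification_factor(rec):.1f}")
```

On the constructed sample the two external clients that were granted recursion are reported, and the ANY query stands out with the largest response-to-query ratio, which is the "as much zone information as possible" pattern US-CERT describes. The last line, where recursion was requested but not granted, is correctly ignored. The corresponding fix on the server side is to restrict recursion to the served prefixes (for example BIND's allow-recursion ACL) and to enable response rate limiting, so that such external records stop appearing.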
Japan’s CERT (JPCERT/CC) team has released an open DNS detection website in an effort to reduce the number of systems that may be unwittingly contributing to the problem. The site allows users to determine:
- Whether the DNS server configured on your PC is running an open DNS resolver or not
- Whether your network device (e.g. broadband router) connecting to this site is running an open DNS resolver or not
The Open DNS Resolver Check Website is available here (scroll to bottom of page):