Time to name and shame open DNS resolvers?

Forums › ICT Policies and Regulation › Time to name and shame open DNS resolvers?

jpollock

600 posts

Ultimate Geek
+1 received by user: 5

Trusted

#115523 28-Mar-2013 15:01

So, a 300Gbps DoS attack. Biggest ever. So big, it caused problems at the large interexchange points in tier one carriers.

For more information on the attack, CloudFlare has some excellent information.

http://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet

The HackerNews discussion also indicates that some ADSL modems forward DNS requests to the internal network through NAT, so you should check if your IP address is in the list of open resolvers if you're running a DNS server:

http://dns.measurement-factory.com/surveys/openresolvers.html

There are many NZ organisations on the list of open resolvers. Perhaps we should think about naming and shaming them?

http://dns.measurement-factory.com/surveys/openresolvers/ASN-reports/latest.html

---
http://blog.jason.pollock.ca

Regs

4066 posts

Uber Geek
+1 received by user: 206

Trusted

Snowflake

#788813 28-Mar-2013 17:08

according to the article I read (http://gizmodo.com/5992652/that-internet-war-apocalypse-is-a-lie), this not only did NOT break the internet, it barely even registered.

but back to the original reason for the post.... yeah, probably a good idea to fix the DNS problem this way. Its been around way too long now.

Sales Engineer
Snowflake
www.snowflake.com

about.me/nzregs
Twitter: @nzregs

jpollock

600 posts

Ultimate Geek
+1 received by user: 5

Trusted

#788875 28-Mar-2013 18:56

Nifty, I hadn't seen that article, only RadioNZ and the NYTimes.

Still, it's interesting to see some rather large names in NZ IT with their IP ranges listed in the open relay list.

---
http://blog.jason.pollock.ca

jpollock

600 posts

Ultimate Geek
+1 received by user: 5

Trusted

#789155 29-Mar-2013 11:02

More information. Looks like the IP addresses at some IX points were globally routable, which allowed them to be individually attacked.

http://cluepon.net/ras/gizmodo

---
http://blog.jason.pollock.ca

freitasm

BDFL - Memuneh
80646 posts

Uber Geek
+1 received by user: 41030

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#789159 29-Mar-2013 11:05

There's a discussion about this already including my reply that this whole thing was just a marketing exercise really.

This topic here seems to be about open DNS responders management, not about "the event".

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

jpollock

600 posts

Ultimate Geek
+1 received by user: 5

Trusted

#789305 29-Mar-2013 16:29

Yes, looking at the list in the research, there are a lot of organisations in NZ that should know better. Hence, should we name and shame them? I'm talking about orgs that aren't known as ISPs...

---
http://blog.jason.pollock.ca

Batman

Mad Scientist
30012 posts

Uber Geek
+1 received by user: 6217

Trusted

Lifetime subscriber

#789321 29-Mar-2013 17:40

erm ... someone needs to speak english :D

Lenovo

Shop now for Lenovo laptops and other devices (affiliate link).

freitasm

BDFL - Memuneh
80646 posts

Uber Geek
+1 received by user: 41030

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#789343 29-Mar-2013 18:47

If you know of any open DNS responders that shouldn't be, let us know sure.

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

jpollock

600 posts

Ultimate Geek
+1 received by user: 5

Trusted

#789469 30-Mar-2013 00:07

freitasm: If you know of any open DNS responders that shouldn't be, let us know sure.

http://dns.measurement-factory.com/surveys/openresolvers/ASN-reports/latest.html

"fgrep -i NZ latest.html" and then pruning out the obviously non-New Zealand organisations, produces

count | asn | name
26 | 9889 | MAXNET-NZ-AP Auckland
25 | 4770 | ASIAONLINENZ-AS-AP Asia Online New Zealand
20 | 4768 | CLIX-NZ TelstraClear Ltd
15 | 4648 | NZIX-2 Netgate
13 | 17746 | ORCONINTERNET-NZ-AP Orcon Internet
10 | 23655 | SNAP-NZ-AS Snap Internet Limited
7 | 9790 | CALLPLUS-NZ-AP CallPlus Services Limited
6 | 9431 | AKUNI-NZ The University of Auckland
5 | 17916 | CSC-IGN-AUNZ-AP Computer Sciences Corporation
2 | 9245 | COMPASS-NZ-AP COMPASS NZ
2 | 45459 | WEB-DRIVE-NZ-AS-AP Web Drive Limited
2 | 24347 | INTERGEN-WGTN-AS-NZ Intergen Limted. Internet Service Provid
2 | 4771 | NZTELECOM Netgate
2 | 9872 | ITNET-NZ-AS-AP ITNet Ltd
2 | 18021 | UNINET-AS-AP Unisys NZ, IT Outsourcer,
1 | 45215 | ONENET-AS-NZ OneNet Limited.
1 | 36962 | MTNZ-AS
1 | 45138 | CPIT-NZ-AS-AP Christchurch Polytechnic Institute
1 | 38477 | UNLEASH-AS-NZ-AP Unleash Computers Ltd,
1 | 17435 | WXC-AS-NZ WorldxChange
1 | 23934 | TURNSTONE-NZ-AS-AP Turnstone Technologies LTD NZ AS
1 | 24111 | NZWIRELESS-CO-NZ-AS-AP nzwireless LTD

---
http://blog.jason.pollock.ca

jpollock

600 posts

Ultimate Geek
+1 received by user: 5

Trusted

#789470 30-Mar-2013 00:08

joker97: erm ... someone needs to speak english :D

DNS servers which are connected to the Internet should not allow arbitrary clients to perform recursive queries. Basically, they shouldn't act as a general DNS server for the wider Internet. If they do, they can be used in a DoS attack.

http://dns.measurement-factory.com/surveys/openresolvers.html

---
http://blog.jason.pollock.ca

danfaulknor

974 posts

Ultimate Geek
+1 received by user: 533

Trusted

Prodigi

Subscriber

#789471 30-Mar-2013 00:33

jpollock:
freitasm: If you know of any open DNS responders that shouldn't be, let us know sure.

http://dns.measurement-factory.com/surveys/openresolvers/ASN-reports/latest.html

"fgrep -i NZ latest.html" and then pruning out the obviously non-New Zealand organisations, produces

count | asn | name
26 | 9889 | MAXNET-NZ-AP Auckland
25 | 4770 | ASIAONLINENZ-AS-AP Asia Online New Zealand
20 | 4768 | CLIX-NZ TelstraClear Ltd
15 | 4648 | NZIX-2 Netgate
13 | 17746 | ORCONINTERNET-NZ-AP Orcon Internet
10 | 23655 | SNAP-NZ-AS Snap Internet Limited
7 | 9790 | CALLPLUS-NZ-AP CallPlus Services Limited
6 | 9431 | AKUNI-NZ The University of Auckland
5 | 17916 | CSC-IGN-AUNZ-AP Computer Sciences Corporation
2 | 9245 | COMPASS-NZ-AP COMPASS NZ
2 | 45459 | WEB-DRIVE-NZ-AS-AP Web Drive Limited
2 | 24347 | INTERGEN-WGTN-AS-NZ Intergen Limted. Internet Service Provid
2 | 4771 | NZTELECOM Netgate
2 | 9872 | ITNET-NZ-AS-AP ITNet Ltd
2 | 18021 | UNINET-AS-AP Unisys NZ, IT Outsourcer,
1 | 45215 | ONENET-AS-NZ OneNet Limited.
1 | 36962 | MTNZ-AS
1 | 45138 | CPIT-NZ-AS-AP Christchurch Polytechnic Institute
1 | 38477 | UNLEASH-AS-NZ-AP Unleash Computers Ltd,
1 | 17435 | WXC-AS-NZ WorldxChange
1 | 23934 | TURNSTONE-NZ-AS-AP Turnstone Technologies LTD NZ AS
1 | 24111 | NZWIRELESS-CO-NZ-AS-AP nzwireless LTD

The problem with most on those list is that they're service providers so it's entirely possible that it's their customers that have the open resolvers...

they/them

Prodigi - Optimised IT Solutions
WebOps/DevOps, Managed IT, Hosting and Internet/WAN.