LACNIC

LACNIC Presents a Study to Identify Open DNS Resolvers with IPv4 in the Region

09/10/2020

During the LACNIC 34 – LACNOG 2020 event, LACNIC’s Computer Security Incident Response Team (CSIRT) presented “Open DNS Resolvers with IPv4,” an initiative that seeks to identify servers that are vulnerable to cyberattacks across the region.

The project is implemented together with CSIRT CEDIA, the CSIRT operated by the Ecuadorian Corporation for Research and Academia (CEDIA), for the purpose of understanding the region’s current status, identifying open servers with IPv4, and proactively alerting and providing recommendations on how an organization can correct their configuration of the service, explained Guillermo Pereyra, LACNIC CSIRT Security Analyst.

Open servers can have serious consequences, both for the organizations running the open service and for Internet security in general.

“This type of (open) server is used as a vector for amplification DDoS attacks, as an attacker can send these servers a recursive DNS query that will return a large amount of data, much larger than the original DNS request packet. This makes the DNS server a very powerful traffic amplifier, as these amplified queries can be directed to a specific IP address, which would receive a large volume of traffic that would render their services unavailable,” Pereyra explained.

A server with an incorrect or outdated configuration compromises the security of its network as well as the security of other servers connected to the Internet. It is a vulnerable system that extends its vulnerability to the entire system, and this can be exploited by malicious attackers.

“The proper administration of the resources connected to the Internet requires considering the systems’ security from the moment of their design,” Pereyra stressed during her presentation.

Solutions. The research conducted by LACNIC and CEDIA provides a series of technical recommendations for reconfiguring DNS servers so that they will only reply to queries from clients that are within the same network, rejecting all others.

On the project’s website, LACNIC and CEDIA provide the information that an organization needs to solve its problems, as well as mechanisms to verify whether the configuration change has been successful. To do this, the website suggests that an organization that has implemented the necessary changes go to https://openresolver.com/ and verify whether the reported IP address is an open resolver.
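The verification step described above can also be run by an administrator against their own server from a host outside its network. The following is an added example, not code from LACNIC or CEDIA: it sends a query with the recursion-desired flag set and classifies the reply from the header flags. The function names, the transaction ID and the sample replies are assumptions constructed for illustration, and the classification is a heuristic based on the RA flag and response code.

```python
import socket
import struct

TXID = 0x4C41  # constructed transaction ID

def build_query(name, txid=TXID):
    """DNS A/IN query with RD (recursion desired) set."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)

def classify_response(resp, txid=TXID):
    """Classify the reply to an RD=1 query for a name outside the server's own zones."""
    if len(resp) < 12:
        return "invalid"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", resp[:12])
    if rid != txid or not flags & 0x8000:      # ID mismatch or QR bit clear
        return "invalid"
    ra, rcode = bool(flags & 0x0080), flags & 0x000F
    if rcode == 5 or not ra:                   # REFUSED, or recursion not offered
        return "closed"
    if rcode == 0 and ancount > 0:             # recursed and returned an answer
        return "open"
    return "inconclusive"

def check_server(ip, name="example.com", timeout=3.0):
    """Query a server you operate from a vantage point OUTSIDE its network."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (ip, 53))
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return "no-reply"
        return classify_response(data)

# Constructed sample replies (not captured traffic); 192.0.2.1 is a documentation address.
_Q = build_query("example.com")[12:]
SAMPLE_OPEN = (struct.pack("!6H", TXID, 0x8180, 1, 1, 0, 0) + _Q +
               b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1]))
SAMPLE_REFUSED = struct.pack("!6H", TXID, 0x8105, 1, 0, 0, 0) + _Q

if __name__ == "__main__":
    print(classify_response(SAMPLE_OPEN), classify_response(SAMPLE_REFUSED))
```

After the resolver has been reconfigured to answer only its own clients, `check_server` run from an external host should return "closed" or "no-reply", while the same query from inside the network should still be answered.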