Slashdot Mirror

← Back to Stories (view on slashdot.org)

DNS Problem Linked To DDoS Attacks Gets Worse

Posted by Soulskill on from the i-blame-the-schools dept.

itwbennett writes "The percentage of devices on the Internet that are configured to accept DNS queries from anywhere — what networking experts call an 'open recursive' or 'open resolver' system — has jumped from around 50 percent in 2007 to nearly 80 percent this year, according to research sponsored by DNS appliance company Infoblox. As more consumers demand broadband Internet, service providers are rolling out modems configured this way to their customers, said Cricket Liu, vice president of architecture with Infoblox. Georgia Tech researcher David Dagon agreed that open recursive systems are on the rise, in part because of 'the increase in home network appliances that allow multiple computers on the Internet. ... Almost all ISPs distribute a home DSL/cable device. Many of the devices have built-in DNS servers. These can sometimes ship in "open by default" states.' What's worse, says Dagon, is that many of these devices do not include patches for a widely publicized DNS flaw discovered by researcher Dan Kaminsky last year."

6 of 69 comments (clear)

  1. For starters by sopssa · · Score: 2, Insightful

    Why would a cable/adsl modem have an open recursive DNS server? There's not a single reason for that - either use your ISP's autodefined DNS servers, change them to something else or set up your own.

    1. Re:For starters by TheRaven64 · · Score: 4, Insightful

      Devices like this should only accept DNS requests from the local network (not from the Internet) and should, unless explicitly configured to perform recursive queries, forward them to the ISP's cache.

      --
      I am TheRaven on Soylent News
  2. is this a problem by hey · · Score: 2, Insightful

    Open DNS servers don't seem so bad to me.
    Like an open website -- OMG everyone can access it.

    1. Re:is this a problem by iLogiK · · Score: 2, Insightful

      I'm not sure how the DNS flaw works, but I just thought of something (feel free to mod me down if this is stupid) If you were to target someone specifically that was using a router that supported auto-update, but it didn't update itself with a fix for the vulnerability yet, couldn't you possibly use the DNS flaw to fool it into getting the update from one of your servers? Meaning, you could get the router to do pretty much anything you want, and a router can do a lot of bad stuff.

  3. Trying to make something from nothing. by danwesnor · · Score: 2, Insightful

    Yeah, but these devices are designed to name serve on the intranet, not the internet. Mine came with the default to ignore all traffic coming from the outside world.

    1. Re:Trying to make something from nothing. by icebraining · · Score: 3, Insightful

      No, they're not, according to the summary: "devices on the Internet that are configured to accept DNS queries from anywhere", "Almost all ISPs distribute a home DSL/cable device. Many of the devices have built-in DNS servers. These can sometimes ship in "open by default" states.'

      Just because yours is closed by default, doesn't mean all are.

      --
      Dilbert RSS feed