Выбрать язык


Выбрать язык | Show only


Русский | English


вторник, 3 января 2017 г.

New Year: DNS open resolvers quantity dynamics

In summer 2016 I provided brief analysis of open DNS-resolvers (DDoS-attacks type DNS Amplification sources) by countries. Using the same shodan I decided to make NY report and to calculate the dynamics. The year is new but security holes are old.
http://1u88jj3r4db2x4txp44yqfj1.wpengine.netdna-cdn.com/wp-content/uploads/2014/04/ddos.jpg

So, NY report for DNS with open recursion has such behavior as to June one in integral TOP-10 for the world:


2016 2017 Fixed, %
China 1066365 604080 43,35
Taiwan 308033 244719 20,55
USA 254265 206442 18,81
Korea 252341 232386 7,91
Russia 172123 131060 23,86
India 160751 115616 28,08
Brazil 155392 155889 -0,32
Turkey 97970 74572 23,88
Japan 58950 49473 16,08
Italy 46168 54122 -17,23


Countries with positive percentage decreased opens resolvers' quantity and negative percentage holders increased it.

In general, open recursion DNS-servers quantity is less than half a year. The whole world shows such numbers according to previous table:

TOTAL 3537994 2710631 23,39

Differential TOP 10 based on integral one for DNS open resolvers looks liken a chart:




And in the table view:


Country Fixed, %
1 China 43,35
2 India 28,08
3 Turkey 23,88
4 Russia 23,86
5 Taiwan 20,55
6 USA 18,81
7 Japan 16,08
8 Korea 7,91
9 Brazil -0,32
10 Italy -17,23

So, it is clear that IPv4-space contains less open resolvers (DDoS-attacks sources) for 23,4%.
Possible reasons of such dynamics are:
  • DNS-servers were reconfigured correctly
  • Unused services were disabled on servers
  • Hosting- and Internet-providers blocked a part of malicious traffic sources
  • Upgraded software disables recursion by default
  • Shodan loses control of vulnerable servers
  • Your version
I hope that new year will help us fix old bugs with open resolvers.
A little HOWTO for holey DNS fixup: here (in Russian)  and here (in English).

Комментариев нет:

Отправить комментарий