New Year: DNS open resolvers quantity dynamics

In summer 2016 I provided a brief analysis of open DNS resolvers (sources of DNS Amplification DDoS attacks) by country. Using the same Shodan, I decided to make a New Year report and calculate the dynamics. The year is new, but the security holes are old.

So, here is how the New Year report on DNS servers with open recursion compares with the June one, for the worldwide integral TOP-10:

Country   2016      2017      Fixed, %
China     1066365   604080     43,35
Taiwan     308033   244719     20,55
USA        254265   206442     18,81
Korea      252341   232386      7,91
Russia     172123   131060     23,86
India      160751   115616     28,08
Brazil     155392   155889     -0,32
Turkey      97970    74572     23,88
Japan       58950    49473     16,08
Italy       46168    54122    -17,23

Countries with a positive percentage decreased their number of open resolvers, and countries with a negative percentage increased it.

In general, there are fewer DNS servers with open recursion than half a year ago. For the whole world the numbers, in the same columns as the previous table, are:

          2016      2017      Fixed, %
TOTAL     3537994   2710631    23,39

The differential TOP 10 for DNS open resolvers, based on the integral one, looks like this as a chart:

And in the table view:

#    Country   Fixed, %
1    China      43,35
2    India      28,08
3    Turkey     23,88
4    Russia     23,86
5    Taiwan     20,55
6    USA        18,81
7    Japan      16,08
8    Korea       7,91
9    Brazil     -0,32
10   Italy     -17,23

So, it is clear that the IPv4 space contains 23,4% fewer open resolvers (DDoS attack sources).
Possible reasons for such dynamics are:
  • DNS servers were reconfigured correctly
  • Unused services were disabled on servers
  • Hosting and Internet providers blocked a part of the malicious traffic sources
  • Upgraded software disables recursion by default
  • Shodan loses track of vulnerable servers
  • Your version
I hope that the new year will help us fix old bugs with open resolvers.
A little HOWTO for fixing a holey DNS: here (in Russian) and here (in English).


Андрей Дугин

Практическая информационная безопасность и защита информации | Information Security and Cyber Defense in Deed