Successful Campaign for IPv4 Open Resolvers
25/02/2021
LACNIC CSIRT, together with CSIRT CEDIA, carried out the “DNS Open Resolvers on IPv4” campaign, with the aim of identifying the open servers of LACNIC members and proactively recommending potential corrections to how this service is configured.
The project had a “successful” outcome, according to the conclusions reached by its organizers, as it was possible to reduce a large number of DNS servers open to the world that involved resources from LACNIC members (see Figure 1).
Research consisted of detecting open IPv4 servers in IP addresses administered by LACNIC and helping organizations to configure them correctly in order to avoid possible errors or malicious and disruptive actions, since they can be used to attack other systems and even to carry out Denial of Service attacks.
After detecting open servers from different organizations within the region, LACNIC and CEDIA experts sent messages through three different channels (e-mail, direct contact with the person responsible for the range and through the security module MiLACNIC). These messages contained suggestions for solving the problem.
The following graph compares the success rate of the operation according to the channel of communication used. The project leaders considered a successful response when the server stopped responding to the query made.
As shown, the e-mail proved to be the most effective channel. “Along the same lines, the conclusion is that there are many technical or abuse mailboxes to which reports cannot be sent for different reasons. It is necessary for organizations to ensure that these mailboxes are functional and up to date so that they can report any security incidents that may arise,” stated the work of LACNIC CSIRT and CEDIA CSIRT.
Effective Throughout the project, LACNIC and CEDIA experts have observed a decrease in the number of open resolver servers open to the world (Graph 3).
LACNIC CSIRT recommends its members to perform a security analysis and configuration check before connecting the server to the Internet. In this regard, the LACNIC CSIRT provides a series of steps to help solve these difficulties, which can be found here
Read the full report here