Chengxi Xu, Yunyi Zhang, Fan Shi, Huimin Ma, Wanmeng Ding, Hong Shan
{"title":"Gushing Resolvers: Measuring Open Resolvers’ Recursive Behavior","authors":"Chengxi Xu, Yunyi Zhang, Fan Shi, Huimin Ma, Wanmeng Ding, Hong Shan","doi":"10.1145/3573834.3574533","DOIUrl":null,"url":null,"abstract":"Open resolvers can be easily exploited by malicious actors to launch DDoS attacks against important services on the Internet, which has aroused much concern in the Internet community. Researchers have studied extensively the population, structure, and malicious behavior of open resolvers, while little has been done to reveal how open resolvers respond to non-recursion queries. In this paper, we conduct an Internet-wide measurement on the recursive behavior of open resolvers. We discover that more than 1 million gushing resolvers in the wild are more enthusiastic than needed to respond to non-recursive queries, either triggering a new recursive resolution process or replying with cached records. Furthermore, we discuss possible security implications posed by the massive gushing resolvers. Specifically, we show that gushing resolvers are prone to be targets of ranking manipulation attacks if they happen to be the data collection points of top lists. At last, we put forward suggestions for resolver operators to improve such a situation.","PeriodicalId":345434,"journal":{"name":"Proceedings of the 4th International Conference on Advanced Information Science and System","volume":"2 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-11-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 4th International Conference on Advanced Information Science and System","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3573834.3574533","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
Open resolvers can be easily exploited by malicious actors to launch DDoS attacks against important services on the Internet, which has aroused much concern in the Internet community. Researchers have studied extensively the population, structure, and malicious behavior of open resolvers, while little has been done to reveal how open resolvers respond to non-recursion queries. In this paper, we conduct an Internet-wide measurement on the recursive behavior of open resolvers. We discover that more than 1 million gushing resolvers in the wild are more enthusiastic than needed to respond to non-recursive queries, either triggering a new recursive resolution process or replying with cached records. Furthermore, we discuss possible security implications posed by the massive gushing resolvers. Specifically, we show that gushing resolvers are prone to be targets of ranking manipulation attacks if they happen to be the data collection points of top lists. At last, we put forward suggestions for resolver operators to improve such a situation.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
