Successful Campaign for Detection of IPv4 Open Resolvers

Working jointly with CSIRT CEDIA, LACNIC CSIRT implemented the “IPv4 DNS Open Resolvers” campaign for the purpose of identifying open servers among LACNIC members and proactively recommending the correction of their configuration.

The persons responsible for the project concluded that it had been “successful”, as it had allowed correcting the configuration of a large number of open DNS servers (see chart below).

The study consisted of detecting open checking the IP addresses managed by LACNIC for open IPv4 servers and helping the organizations to configure them properly to avoid potential errors or malicious actions.

After detecting open servers at various organizations in the region, the experts at LACNIC and CEDIA organized and sent notifications through three different channels (email, direct contact with the person responsible for the address range, and through the MiLACNIC platform's security module). These notifications contained suggestions on how to solve the problem.

The chart below compares the success rates for the different communication channels that were used. A successful response was defined as one where the server responded to the query it received.

As the chart shows, email turned out to be the most effective channel to alert the target community about existing security vulnerabilities in their systems and to help correct them. “Along the same lines, it was concluded that there are many technical or abuse email contacts to which it is not possible to send reports for various reasons. Organizations should keep these email contacts operational and up-to-date so they can receive reports on any security incidents that may arise,” warns the report prepared by LACNIC CSIRT and CSIRT CEDIA.

Effective. Throughout the project, LACNIC and CEDIA experts checked the evolution of the number of DNS resolvers open to the world. As the chart below shows, this number has decreased.

LACNIC CSIRT recommends that, before putting a server into production and connecting it to the Internet, its members should design a preliminary test stage is to analyze the server's security and check its configuration. In this sense, LACNIC CSIRT has made available a series of steps to help solve these difficulties, which you will find at the following link: https://csirt.lacnic.net/en/dns-open-resolvers-on-ipv4