|
|
|
==What is an Open DNS Resolver?==
Every day, all theeach time we all use DNS to look up names and IPs on the Internet - ie,eg. when you put bbc.co.uk in your browser, your computer needs to look up the IP address of the BBC's web server. To do this it will use DNS. The DNS server will respond back to your computer with the information.
AAISP customers normally use the AAISP DNS servers, or often their own router.
It is quite common for DSL routers to respond to these DNS requests on the WAN side as well as the LAN - this means that other people on the Internet can use your router to do their DNS look upslookups. It also means that 'attackers' can take advantage of this and use your router to attack someone else. This will use up bandwidth on your line.
The 'attack' in this sense is more about attacking somebody else on the Internet by using your DNS resolver. What happens, is that an attacker sends a DNS request to your router from a spoofed IP address. This spoofed IP address is the IP that the attacker wants to target, the victim. Your router then replies to the spoofed IP address with the DNS result. The DNS reply is larger in size tothan the request, and thus this is an 'amplification' attack. On its own one router won't make a difference, but when the same amplification attack is applied to many routers the aggregate reply traffic can become quite disruptive to the victim!.
<center>
|
