Jump to content

This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

Category:Open DNS Resolvers: Difference between revisions

← Older editNewer edit →
Content deleted Content added
CecilWard (talk | contribs)
252 edits
CecilWard (talk | contribs)
252 edits
Line 1: Line 1:
==What is an Open DNS Resolver?==
==What is an Open DNS Resolver?==
Every day, all the time we all use DNS to look up names and IPs on the Internet - ie, when you put bbc.co.uk in your browser, your computer needs to look up the IP address of the BBC's web server. To do this it will use DNS. The DNS server will respond back to your computer with the information.
Every day, each time we use DNS to look up names and IPs on the Internet - eg. when you put bbc.co.uk in your browser, your computer needs to look up the IP address of the BBC's web server. To do this it will use DNS. The DNS server will respond back to your computer with the information.


AAISP customers normally use the AAISP DNS servers, or often their own router.
AAISP customers normally use the AAISP DNS servers, or often their own router.


It is quite common for DSL routers to respond to these DNS requests on the WAN side as well as the LAN - this means that other people on the Internet can use your router to do their DNS look ups. It also means that 'attackers' can take advantage of this and use your router to attack someone else. This will use up bandwidth on your line.
It is quite common for DSL routers to respond to these DNS requests on the WAN side as well as the LAN - this means that other people on the Internet can use your router to do their DNS lookups. It also means that 'attackers' can take advantage of this and use your router to attack someone else. This will use up bandwidth on your line.


The 'attack' in this sense is more about attacking somebody else on the Internet by using your DNS resolver. What happens, is that an attacker sends a DNS request to your router from a spoofed IP address. This spoofed IP address is the IP that the attacker wants to target, the victim. Your router then replies to the spoofed IP address with the DNS result. The DNS reply is larger in size to the request, and thus this is an 'amplification' attack. On its own one router won't make a difference, but when the same amplification attack is applied to many routers the aggregate reply traffic can become quite disruptive to the victim!
The 'attack' in this sense is more about attacking somebody else on the Internet by using your DNS resolver. What happens is that an attacker sends a DNS request to your router from a spoofed IP address. This spoofed IP address is the IP that the attacker wants to target, the victim. Your router then replies to the spoofed IP address with the DNS result. The DNS reply is larger in size than the request, and thus this is an 'amplification' attack. On its own one router won't make a difference, but when the same amplification attack is applied to many routers the aggregate reply traffic can become quite disruptive to the victim.


<center>
<center>
Retrieved from "http://support.aa.net.uk/Category:Open_DNS_Resolvers"