Gushing Resolvers: Measuring Open Resolvers’ Recursive Behavior

Proceedings of the 4th International Conference on Advanced Information Science and System Pub Date : 2022-11-25 DOI:10.1145/3573834.3574533

Chengxi Xu, Yunyi Zhang, Fan Shi, Huimin Ma, Wanmeng Ding, Hong Shan

{"title":"Gushing Resolvers: Measuring Open Resolvers’ Recursive Behavior","authors":"Chengxi Xu, Yunyi Zhang, Fan Shi, Huimin Ma, Wanmeng Ding, Hong Shan","doi":"10.1145/3573834.3574533","DOIUrl":null,"url":null,"abstract":"Open resolvers can be easily exploited by malicious actors to launch DDoS attacks against important services on the Internet, which has aroused much concern in the Internet community. Researchers have studied extensively the population, structure, and malicious behavior of open resolvers, while little has been done to reveal how open resolvers respond to non-recursion queries. In this paper, we conduct an Internet-wide measurement on the recursive behavior of open resolvers. We discover that more than 1 million gushing resolvers in the wild are more enthusiastic than needed to respond to non-recursive queries, either triggering a new recursive resolution process or replying with cached records. Furthermore, we discuss possible security implications posed by the massive gushing resolvers. Specifically, we show that gushing resolvers are prone to be targets of ranking manipulation attacks if they happen to be the data collection points of top lists. At last, we put forward suggestions for resolver operators to improve such a situation.","PeriodicalId":345434,"journal":{"name":"Proceedings of the 4th International Conference on Advanced Information Science and System","volume":"2 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-11-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 4th International Conference on Advanced Information Science and System","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3573834.3574533","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Open resolvers can be easily exploited by malicious actors to launch DDoS attacks against important services on the Internet, which has aroused much concern in the Internet community. Researchers have studied extensively the population, structure, and malicious behavior of open resolvers, while little has been done to reveal how open resolvers respond to non-recursion queries. In this paper, we conduct an Internet-wide measurement on the recursive behavior of open resolvers. We discover that more than 1 million gushing resolvers in the wild are more enthusiastic than needed to respond to non-recursive queries, either triggering a new recursive resolution process or replying with cached records. Furthermore, we discuss possible security implications posed by the massive gushing resolvers. Specifically, we show that gushing resolvers are prone to be targets of ranking manipulation attacks if they happen to be the data collection points of top lists. At last, we put forward suggestions for resolver operators to improve such a situation.

查看原文本刊更多论文

喷涌解析器:测量开放解析器的递归行为

开放解析器容易被恶意攻击者利用，对互联网上的重要服务发起DDoS攻击，引起了互联网界的广泛关注。研究人员已经广泛地研究了开放解析器的数量、结构和恶意行为，而很少有人揭示开放解析器如何响应非递归查询。在本文中，我们对开放解析器的递归行为进行了互联网范围的测量。我们发现，超过100万的解析器在响应非递归查询时表现得过于热情，要么触发新的递归解析过程，要么使用缓存的记录进行应答。此外，我们还讨论了大规模喷涌解析器可能带来的安全影响。具体来说，我们表明，如果喷涌式解析器恰好是顶级列表的数据收集点，则容易成为排名操纵攻击的目标。最后，为解决这一问题提出了建议。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 4th International Conference on Advanced Information Science and System

自引率

0.00%

发文量