TLP WHITE Open Resolvers Project ... - onthemove.lacnic.net...oUpdate the local Cyber Security Laws....
Transcript of TLP WHITE Open Resolvers Project ... - onthemove.lacnic.net...oUpdate the local Cyber Security Laws....
![Page 1: TLP WHITE Open Resolvers Project ... - onthemove.lacnic.net...oUpdate the local Cyber Security Laws. 7/11/19 Thank You. Title: Charlton Donker_Open Resolvers Project_LACNIC on the](https://reader035.fdocuments.in/reader035/viewer/2022071109/5fe4b7f1ba809b37f710bdac/html5/thumbnails/1.jpg)
7/11/19
Open Resolvers Project CuraçaoTLP WHITE
![Page 2: TLP WHITE Open Resolvers Project ... - onthemove.lacnic.net...oUpdate the local Cyber Security Laws. 7/11/19 Thank You. Title: Charlton Donker_Open Resolvers Project_LACNIC on the](https://reader035.fdocuments.in/reader035/viewer/2022071109/5fe4b7f1ba809b37f710bdac/html5/thumbnails/2.jpg)
7/11/19
Introductiono .CW Statistics 2018o CARICERT identified different infected IP
addresses o CARICERT noticed a long list of DNS open
resolvers o Incentive to start with an open resolver
project for our local domain
![Page 3: TLP WHITE Open Resolvers Project ... - onthemove.lacnic.net...oUpdate the local Cyber Security Laws. 7/11/19 Thank You. Title: Charlton Donker_Open Resolvers Project_LACNIC on the](https://reader035.fdocuments.in/reader035/viewer/2022071109/5fe4b7f1ba809b37f710bdac/html5/thumbnails/3.jpg)
7/11/19
Domain Name Space tree
![Page 4: TLP WHITE Open Resolvers Project ... - onthemove.lacnic.net...oUpdate the local Cyber Security Laws. 7/11/19 Thank You. Title: Charlton Donker_Open Resolvers Project_LACNIC on the](https://reader035.fdocuments.in/reader035/viewer/2022071109/5fe4b7f1ba809b37f710bdac/html5/thumbnails/4.jpg)
7/11/19
Open Resolvers Statistics per ISPo
![Page 5: TLP WHITE Open Resolvers Project ... - onthemove.lacnic.net...oUpdate the local Cyber Security Laws. 7/11/19 Thank You. Title: Charlton Donker_Open Resolvers Project_LACNIC on the](https://reader035.fdocuments.in/reader035/viewer/2022071109/5fe4b7f1ba809b37f710bdac/html5/thumbnails/5.jpg)
7/11/19
Total Open Resolvers Statisticso
![Page 6: TLP WHITE Open Resolvers Project ... - onthemove.lacnic.net...oUpdate the local Cyber Security Laws. 7/11/19 Thank You. Title: Charlton Donker_Open Resolvers Project_LACNIC on the](https://reader035.fdocuments.in/reader035/viewer/2022071109/5fe4b7f1ba809b37f710bdac/html5/thumbnails/6.jpg)
7/11/19
Open Resolvers Statisticso
![Page 7: TLP WHITE Open Resolvers Project ... - onthemove.lacnic.net...oUpdate the local Cyber Security Laws. 7/11/19 Thank You. Title: Charlton Donker_Open Resolvers Project_LACNIC on the](https://reader035.fdocuments.in/reader035/viewer/2022071109/5fe4b7f1ba809b37f710bdac/html5/thumbnails/7.jpg)
7/11/19
Problem Descriptiono Open Resolvers pose a significant risk to the
global network infrastructureo Open Resolvers are vulnerable for:
§ DOS attacks§ DNS cache poisoning§ Unauthorized use of resources§ Root name server performance degradation
![Page 8: TLP WHITE Open Resolvers Project ... - onthemove.lacnic.net...oUpdate the local Cyber Security Laws. 7/11/19 Thank You. Title: Charlton Donker_Open Resolvers Project_LACNIC on the](https://reader035.fdocuments.in/reader035/viewer/2022071109/5fe4b7f1ba809b37f710bdac/html5/thumbnails/8.jpg)
7/11/19
Recursive DNS Query
![Page 9: TLP WHITE Open Resolvers Project ... - onthemove.lacnic.net...oUpdate the local Cyber Security Laws. 7/11/19 Thank You. Title: Charlton Donker_Open Resolvers Project_LACNIC on the](https://reader035.fdocuments.in/reader035/viewer/2022071109/5fe4b7f1ba809b37f710bdac/html5/thumbnails/9.jpg)
7/11/19
Analysis & Breakdown
![Page 10: TLP WHITE Open Resolvers Project ... - onthemove.lacnic.net...oUpdate the local Cyber Security Laws. 7/11/19 Thank You. Title: Charlton Donker_Open Resolvers Project_LACNIC on the](https://reader035.fdocuments.in/reader035/viewer/2022071109/5fe4b7f1ba809b37f710bdac/html5/thumbnails/10.jpg)
7/11/19
How to detect open resolvers in your network?
1. https://www.openresolver.nl/
2. https://www.thinkbroadband.com/tools/open-dns-resolver-check/
3. https://openresolver.com/
4. http://www.openresolver.jp/en/
![Page 11: TLP WHITE Open Resolvers Project ... - onthemove.lacnic.net...oUpdate the local Cyber Security Laws. 7/11/19 Thank You. Title: Charlton Donker_Open Resolvers Project_LACNIC on the](https://reader035.fdocuments.in/reader035/viewer/2022071109/5fe4b7f1ba809b37f710bdac/html5/thumbnails/11.jpg)
7/11/19
Mitigation & Possible Solutionso Applying proper egress filtering on your
network. o Follow security best practices for
configuring DNSo DNSSEC
![Page 12: TLP WHITE Open Resolvers Project ... - onthemove.lacnic.net...oUpdate the local Cyber Security Laws. 7/11/19 Thank You. Title: Charlton Donker_Open Resolvers Project_LACNIC on the](https://reader035.fdocuments.in/reader035/viewer/2022071109/5fe4b7f1ba809b37f710bdac/html5/thumbnails/12.jpg)
7/11/19
Mitigation & Possible Solutionso Response Rate Limitingo Limit recursion.
![Page 13: TLP WHITE Open Resolvers Project ... - onthemove.lacnic.net...oUpdate the local Cyber Security Laws. 7/11/19 Thank You. Title: Charlton Donker_Open Resolvers Project_LACNIC on the](https://reader035.fdocuments.in/reader035/viewer/2022071109/5fe4b7f1ba809b37f710bdac/html5/thumbnails/13.jpg)
7/11/19
Possible DNS Configurationo
![Page 14: TLP WHITE Open Resolvers Project ... - onthemove.lacnic.net...oUpdate the local Cyber Security Laws. 7/11/19 Thank You. Title: Charlton Donker_Open Resolvers Project_LACNIC on the](https://reader035.fdocuments.in/reader035/viewer/2022071109/5fe4b7f1ba809b37f710bdac/html5/thumbnails/14.jpg)
7/11/19
Possible DNS Configurationo
![Page 15: TLP WHITE Open Resolvers Project ... - onthemove.lacnic.net...oUpdate the local Cyber Security Laws. 7/11/19 Thank You. Title: Charlton Donker_Open Resolvers Project_LACNIC on the](https://reader035.fdocuments.in/reader035/viewer/2022071109/5fe4b7f1ba809b37f710bdac/html5/thumbnails/15.jpg)
7/11/19
Conclusion & Recommendationso All misconfigured DNS Servers might be an
Open resolver.o There's still a limit to the influence of the
ISP’s on the behavior of their customers. o Limit recursion to only authorized clients
![Page 16: TLP WHITE Open Resolvers Project ... - onthemove.lacnic.net...oUpdate the local Cyber Security Laws. 7/11/19 Thank You. Title: Charlton Donker_Open Resolvers Project_LACNIC on the](https://reader035.fdocuments.in/reader035/viewer/2022071109/5fe4b7f1ba809b37f710bdac/html5/thumbnails/16.jpg)
7/11/19
Conclusion & Recommendations
o Configure Authoritative DNS servers to use DNS RRL [Response Rate Limiting].
o Apply the recommendations from IETF (BCP-38) and (BCP-84) documents.
o Update the local Cyber Security Laws
![Page 17: TLP WHITE Open Resolvers Project ... - onthemove.lacnic.net...oUpdate the local Cyber Security Laws. 7/11/19 Thank You. Title: Charlton Donker_Open Resolvers Project_LACNIC on the](https://reader035.fdocuments.in/reader035/viewer/2022071109/5fe4b7f1ba809b37f710bdac/html5/thumbnails/17.jpg)
7/11/19
Thank You