Upgrade to Pro — share decks privately, control downloads, hide ads and more …

The Ecology of Open Resolvers

ytakano
March 16, 2015
Technology
0
470

The Ecology of Open Resolvers

This slide shows the result of active scan and passive monitoring of DNS open resolvers in 2013.

ytakano

March 16, 2015
Tweet

More Decks by ytakano

See All by ytakano
論理構造入門
ytakano
0
200
アクターモデル
ytakano
0
500
π計算
ytakano
0
62
FARIS: Fast and Memory-efficient URL Filter by Domain Specific Machine
ytakano
0
150
リアクティブプログラミング
ytakano
0
580
MindYourPrivacy: Design and Implementation of a Visualization System for Third-Party Web Tracking - IEEE PST 2014
ytakano
0
420
SF-TAP: Scalable and Flexible Traffic Analysis Platform running on Commodity Hardware
ytakano
0
650
SF-TAP Tutorial Flow Abstractor ver.
ytakano
0
660
Survey of Transactional Memory
ytakano
0
740

Other Decks in Technology

See All in Technology
Log Analytics を使った実際の運用 - Sansan Data Hub での取り組み
sansantech
PRO
0
150
AI-Driven-Development-20250310
yuhattor
2
130
マーケットプレイス版Oracle WebCenter Content For OCI
oracle4engineer
PRO
3
550
スクラムというコンフォートゾーンから抜け出そう!プロジェクト全体に目を向けるインセプションデッキ / Inception Deck for seeing the whole project
takaking22
3
210
Two Blades, One Journey: Engineering While Managing
ohbarye
4
2.8k
入門 PEAK Threat Hunting @SECCON
odorusatoshi
0
190
CSPMとのつきあい方
nantokanare
0
110
Global Databaseで実現するマルチリージョン自動切替とBlue/Greenデプロイ
j2yano
0
180
AIエージェント元年@日本生成AIユーザ会
shukob
1
270
開発者のための FinOps/FinOps for Engineers
oracle4engineer
PRO
2
270
x86-64 Assembly Essentials
latte72
4
640
書籍『入門 OpenTelemetry』 / Intro of OpenTelemetry book
ymotongpoo
4
260

Featured

See All Featured
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
175
52k
Building Applications with DynamoDB
mza
93
6.2k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
53k
Stop Working from a Prison Cell
hatefulcrawdad
268
20k
The Cult of Friendly URLs
andyhume
78
6.2k
Gamification - CAS2011
davidbonilla
80
5.2k
A Modern Web Designer's Workflow
chriscoyier
693
190k
Typedesign – Prime Four
hannesfritz
41
2.5k
Why Our Code Smells
bkeepers
PRO
336
57k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
30
2.3k
Practical Orchestrator
shlominoach
186
10k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
45
9.4k

Transcript

  1. 5IF&DPMPHZPG0QFO 3FTPMWFST /BUJPOBM*OTUJUVUFPG*OGPSNBUJPOBOE$PNNVOJDBUJPOT5FDIOPMPHZ +BQBO :VVLJ5BLBOP 1

  2. 5BCMFPG$POUFOUT w CBDLHSPVOEBOEQVSQPTF w BDUJWFTDBO w QBTTJWFNPOJUPS w DPODMVTJPO 2

  3. #BDLHSPVOE %/4"NQMJpDBUJPO"UUBDL w JODSFBTFEGSPN w POFPGUIF%%P4BUUBDL w BCVTFUIFGBDUUIBUSFTQPOTFQBDLFUTPG%/4 CFDPNFCJH w

    BUUBDLTBSFQFSGPSNFECZTPVSDFBEESFTT TQPPpOH 3

  4. 1VSQPTF w JOWFTUJHBUFPQFOSFTPMWFSTBCVTFECZ UIF%/4BNQMJpDBUJPOBUUBDL w PQFOSFTPMWFST w VTFSTPGPQFOSFTPMWFST 4

  5. "DUJWF4DBO w TDBOOFEXIPMF*1WBEESFTTTQBDF w 7&34*0/#*/%RVFSZ
 EJH!U595D$)"047&34*0/#*/% w SFDVSTJPOBWBJMBCMF 
 DIFDLXIFUIFSPQFOSFTPMWFSPSOPU

    w GSPN+VMZUIUP+VMZUI  5

  6. %JTUSJCVUJPOPG0QFO3FTPMWFST 6

  7. %JTUSJCVUJPO1FS3*3 ද 2 DNS αʔόιϑτ΢ΣΞछྨ෼෍ Table 2 Distribution of DNS

    Server Types Total APNIC RIPE ARIN LACNIC AFRINIC other Type of DNS # % # # # # # # BIND 9.x 4268442 (14.1%) 806357 1530177 1126501 169268 121556 514583 † 1851362 ( 6.1%) 551458 781954 176399 94385 117906 129260 BIND 8.x 35218 (0.1%) 4588 21348 6663 974 32 1613 † 30444 (0.1%) 4202 18958 5186 854 31 1213 BIND 4.x 3486 (0.0%) 121 2751 440 43 0 131 † 2765 (0.0%) 93 2256 348 11 0 57 Dnsmasq 1308653 (4.3%) 692042 216273 75201 226880 32676 65581 † 1308381 (4.3%) 692026 216028 75196 226877 32676 65578 Nominum Vantio 968041 (3.2%) 553404 284852 20142 21205 70861 17577 † 967044 (3.2%) 552650 284782 20125 21200 70736 17551 Nominum ANS 687 (0.0%) 18 34 79 42 2 512 † 13 (0.0%) 2 0 0 11 0 0 PowerDNS 373588 (1.2%) 14215 329994 14360 2952 91 11976 † 372684 (1.2%) 14207 329116 14354 2952 91 11964 Unbound 71781 (0.2%) 16230 43507 6941 1510 1585 2008 † 23220 (0.0%) 3281 14398 4638 315 312 276 NSD 33933 (0.1%) 1731 11077 17182 322 13 3608 † 17 (0.0%) 5 5 2 1 0 4 can’t detect 8281885 (27.3%) 4012525 2367711 429450 690618 279903 501678 † 7658656 (25.3%) 3911886 2118455 244682 670597 278183 434853 Windows series 11698 (0.0%) 184 1077 85 10312 0 40 † 11342 (0.0%) 129 865 67 10257 0 24 no version info 14927910 (49.3%) 3457029 4505928 1442348 4025325 699029 798251 † 12746062 (42.1%) 3050589 3465814 1179188 3919438 668399 462634 Total 30285322 (100.0%) 9558444 9314729 3139392 5149451 1205748 1917558 † 24971990 (82.5%) 8780528 7232631 1720185 4946898 1168334 1123414 †: DNS ΦʔϓϯϦκϧό 2013 ೥ 7 ݄ 5 ೔ 17 ࣌ 26 ෼ - 7 ݄ 6 ೔ 19 ࣌ 38 ෼ (JST)

  8. %JTUSJCVUJPO1FS%PNBJO ࿦จʗDNS ΦʔϓϯϦκϧόͷ࣮ଶ

  9. %JTUSJCVUJPO1FS+1%PNBJO ిࢠ৘ใ௨৴ֶձ࿦จࢽ xxxx/xx Vol. Jxx–B No. xx

  10. 1BTTJWF.POJUPS   4JMFOU.POJUPS w DBQUVSFTDBOQBDLFUTGPS%/4 w GSPN4FQUIUP+BOUI 10

  11. 2VFSZ5ZQFTPG4DBO 1BDLFUT ද 3 ୳ࡧύέοτͷΫΤϦλΠϓ౷ܭ Table 3 Query Types of

    Probe Packet type # A 11,972 ANY 268 PTR 7 NS 5 TXT 1 11

  12. 2VFSZ/BNFTPG4DBO 1BDLFUT TXT 1 ද 4 ୳ࡧύέοτͷΫΤϦ໊౷ܭ Table 4 Query

    Names of Probe Packet query name # www.ujiaoban.com. 1,145 vip3.gfdns.net. 666 dnsscan.shadowserver.org. 593 www.iana.org. 143 pay.13hp.com. 84 . 72 ghmn.ru. 48 loo1.ru. 29 isc.org. 28 fkfkfkfa.com. 21 12

  13. 2VFSZ0SJHJO w "4 FDBUFMOFU  w EOTTDBOTIBEPXTFSWFSPSH w PQFOSFTPMWFSQSPKFDUPSH w

    BOENBOZPUIFSPSJHJOT 13

  14. 1BTTJWF.POJUPS   6TF"DUVBM0QFO3FTPMWFS w XFQSFQBSFEUZQFTPGPQFOSFTPMWFST w OPSNBMPQFOSFTPMWFS w OPSFTUSJDUJPO

    w SFTQPOEUPBMMRVFSJFT w SFTUSJDUFEPQFOSFTPMWFS w ESPQRVFSJFTGSPN"4 14

  15. 2VFSZ5ZQFT ɼ ΑΓɼA ΫΤϦʹΑΔ߈ܸʹ΋զʑͷΦʔϓϯϦκϧ ό͕ѱ༻͞ΕͨՄೳੑ͕ߴ͍͜ͱ͕Θ͔Δɽ ද 5 ΦʔϓϯϦκϧόͷར༻ΫΤϦλΠϓ౷ܭ Table 5

    Query Types to Open Resolver type # # (drop AS 29073) ANY 33,564,934 14,359,798 A 2,910,108 727,044 TXT 38,292 32,618 RRSIG 4,719 0 MX 1 0 SOA 1 0 SRV 1 1 TYPE0 0 78,088 11 15

  16. 2VFSZ4UBUJTUJDTPG"/: 16 ϓϯϦκϧόͷυϝΠϯ෼෍ (্Ґ 100 Ґ) DNS Open Resolvers in

    JP TLD (Top 100) 6 ද غ . ͯ དྷ ɽ ͨ ۃ Ϋ ද 6 ANY ΫΤϦ౷ܭ Table 6 ANY Query Statistics query #queries #queries (drop AS 29073) pkts.asia. 10,971,788 331 isc.org. 10,926,653 9,369,123 . 2,758,851 2,668,052 krasti.us. 1,974,023 3 fkfkfkfa.com. 1,701,773 20 ym.rctrhash.com. 916,113 1,346,231 ghmn.ru. 689,708 3 x.slnm.info. 650,039 1 lrc-pipec.com. 515,806 21,557 eschenemnogo.com. 452,167 444,744

  17. 2VFSZ4UBUJTUJDTPG" ࿦จʗDNS ΦʔϓϯϦκϧόͷ࣮ଶ ද 7 A ΫΤϦ౷ܭ Table 7 A

    Query Statistics query #queries #queries (drop AS 29073) reanimator.in. 873,583 11 ilineage2.ru. 863,495 6 eschenemnogo.com. 711,605 711,703 txt.fwserver.com.ua. 219,073 2 lrc-pipec.com. 210,354 9 ghmn.ru. 18,393 14,894 1x1.cz. 6,798 1 doc.gov. 5,963 0 aa.10781.info. 191 178 dnsscan.shadowserver.org. 101 91 17

  18. 5JNF$IBSUPG"/: no restriction drop AS 29073 18

  19. 5JNF$IBSUPG" no restriction drop AS 29073 19

  20. "4JT1SPCBCMZ "CVTFECZ%%P4 hosting server of Netherland bitcon purchase available 20

  21. $PODMVTJPO w UIFSFBSFNBOZPQFOSFTPMWFSTJOUIJT XPSME BCPVUNJMMJPO  w "4JTQSPCBCMZBCVTFEGPS%%P4 BUUBDL 21