Presentation is loading. Please wait.

Presentation is loading. Please wait.

Self-Service Open Resolver Scanning Duane Wessels DNS-OARC Workshop Dublin May 12, 2013.

Published byVirgil Hawkins Modified over 9 years ago

Similar presentations

Presentation on theme: "Self-Service Open Resolver Scanning Duane Wessels DNS-OARC Workshop Dublin May 12, 2013."— Presentation transcript:

1 Self-Service Open Resolver Scanning Duane Wessels DNS-OARC Workshop Dublin May 12, 2013

2 2 What Is An Open DNS Resolver? Probe Target Auth query (no reply) Probe Target Auth query reply Probe Target Auth query reply Probe Target Auth query reply query (no reply) reply query ✖ No ✔ Yes ✖ No Duane’s definition: An Open Resolver is a DNS server which accepts queries from outside of its administrative domain and attempts to resolve the query by forwarding it to other name servers.

3 3 Recent increased awareness of open resolvers thanks to record-breaking DDoS attacks and Jared’s Open DNS Resolver Project Other Surveys/data by: Team Cymru The Measurement Factory Open Resolver Awareness

4 4 Updated on surveyor’s schedule Want to provide data to address space owners, but keep it away from the bad guys TMF selects email addresses from whois data and handles other inquiries manually. Cymru always validates manually? openresolverproject limits searches to IPv4 /22 and others validated manually. Surveyor might receive some abuse complaint emails. IPv6 surveys unrealistic. Open Resolver Surveys

5 5 On the user’s schedule. Probes initiated by the user from addresses of their choosing. Offers some motivation to not scan other’s address space. IPv6 a possibility. The user knows which addresses are in use. But: no public pressure (shaming). Self-Service Scanning?

6 6 How Does It Work?

7 7 Register for an account. Create a “token” for some chunk of address space. Token valid for 7 days. Run the scanner tool. Sends queries to coded names in orscan.verisignlabs.com Authoritative name server validates and logs received queries. Authoritative name server does not reply! Login to view scan results. Overview

8 8 Identify an instance of a scan Some crypto to prevent simple spoofing Time-limited (one week) to prevent replays Restrict the scope of scanning IPv4 /8 IPv6 /64 Why Tokens?

9 9 Step-by-Step Example

10 10 Login

11 11 Create a Token

12 12 Run the Scan

13 13 Check Results

14 14 Detailed Results

15 15 Feedback Welcomed! https://www.verisignlabs.com/orscan/

16 Thank You © 2013 VeriSign, Inc. All rights reserved. VERISIGN and other trademarks, service marks, and designs are registered or unregistered trademarks of VeriSign, Inc. and its subsidiaries in the United States and in foreign countries. All other trademarks are property of their respective owners.

Download ppt "Self-Service Open Resolver Scanning Duane Wessels DNS-OARC Workshop Dublin May 12, 2013."

Similar presentations

© 2012 YP Intellectual Property LLC. All rights reserved. YP, the YP logo and all other YP marks contained herein are trademarks of YP Intellectual Property.

© 2012 YP Intellectual Property LLC. All rights reserved. YP, the YP logo and all other YP marks contained herein are trademarks of YP Intellectual Property.
AmeriCorps is introducing a new online payment system for the processing of AmeriCorps forms

AmeriCorps is introducing a new online payment system for the processing of AmeriCorps forms
Updates to ‘dnscap’ Duane Wessels DNS-OARC Workshop Dublin May 12, 2013.

Updates to ‘dnscap’ Duane Wessels DNS-OARC Workshop Dublin May 12, 2013.
NetScanTools ® LE Law Enforcement Version of NetScanTools ® from Northwest Performance Software, Inc. netscantools.com.

NetScanTools ® LE Law Enforcement Version of NetScanTools ® from Northwest Performance Software, Inc. netscantools.com.
Handling Internet Network Abuse Reports at APNIC 21 October 2010 LAP-CNSA Workshop, Melbourne George Kuo.

Handling Internet Network Abuse Reports at APNIC 21 October 2010 LAP-CNSA Workshop, Melbourne George Kuo.
Sweeping lame DNS reverse delegations APNIC16 – DNS Operations SIG Seoul, Korea, 20 August 2003.

Sweeping lame DNS reverse delegations APNIC16 – DNS Operations SIG Seoul, Korea, 20 August 2003.
SAP checks if USER ID & Password combination is valid. No identification. User requests Log-on, enters USER ID & Password, (not necessarily their own)!

SAP checks if USER ID & Password combination is valid. No identification. User requests Log-on, enters USER ID & Password, (not necessarily their own)!
Open Resolvers in COM/NET Resolution Duane Wessels, Aziz Mohaisen DNS-OARC 2014 Spring Workshop Warsaw, Poland.

Open Resolvers in COM/NET Resolution Duane Wessels, Aziz Mohaisen DNS-OARC 2014 Spring Workshop Warsaw, Poland.
Novell Vibe Webinar: Basic Business Issues March 6 th and 8 th Adam Wingate, Justin Larson, Landon Stott, Craig Altom Vibe Resource Library

Novell Vibe Webinar: Basic Business Issues March 6 th and 8 th Adam Wingate, Justin Larson, Landon Stott, Craig Altom Vibe Resource Library
Pro Exchange SPAM Filter An Exchange 2000 based spam filtering solution.

Pro Exchange SPAM Filter An Exchange 2000 based spam filtering solution.
Individual User Logins

Individual User Logins
Measuring DANE TLSA Deployment Liang Zhu 1, Duane Wessels 2, Allison Mankin 2, John Heidemann 1 1. USC ISI 2. Verisign Labs 1.

Measuring DANE TLSA Deployment Liang Zhu 1, Duane Wessels 2, Allison Mankin 2, John Heidemann 1 1. USC ISI 2. Verisign Labs 1.
Event Viewer Was of getting to event viewer Go to –Start –Control Panel, –Administrative Tools –Event Viewer Go to –Start.

Event Viewer Was of getting to event viewer Go to –Start –Control Panel, –Administrative Tools –Event Viewer Go to –Start.
Beyond DDoS: Case Studies on Attack Mitigation for Financial Services Mike Kun and Patrick Laverty, Akamai CSIRT.

Beyond DDoS: Case Studies on Attack Mitigation for Financial Services Mike Kun and Patrick Laverty, Akamai CSIRT.
Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.

Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.
Reconnaissance & Enumeration Baseline, Monitor, Detect, Analyze, Respond, & Recover Hervey Allen Chris Evans Phil Regnauld September 3 – 4, 2009 Santiago,

Reconnaissance & Enumeration Baseline, Monitor, Detect, Analyze, Respond, & Recover Hervey Allen Chris Evans Phil Regnauld September 3 – 4, 2009 Santiago,
Login Screen This is the Sign In page for the Dashboard Enter Id and Password to sign In New User Registration.

Login Screen This is the Sign In page for the Dashboard Enter Id and Password to sign In New User Registration.
Microsoft Windows 2003 Server. Client/Server Environment Many client computers connect to a server.

Microsoft Windows 2003 Server. Client/Server Environment Many client computers connect to a server.
Harness Your Internet Activity. Zeroing in On Zero Days DNS OARC Spring 2014 Ralf Weber

Harness Your Internet Activity. Zeroing in On Zero Days DNS OARC Spring 2014 Ralf Weber
Network Abuse Handling in CNNIC and JPNIC Terence Zhang, CNNIC Izumi Okutani, JPNIC.

Network Abuse Handling in CNNIC and JPNIC Terence Zhang, CNNIC Izumi Okutani, JPNIC.

Similar presentations

Ads by Google