Conveners
DNS Reflection Attacks
- Merike Kaeo (Internet Identity)
Olafur Gudmundsson
(Shinkuro)
12/05/2013, 14:00
OARC Public Workshop
In our attempt to quantify/qualify whether a particular DNS resolver is DNSSEC-compliant, we realized that it is important to test for a resolver's major functional behaviors rather than looking for compliance with all possible corner cases. Based on this idea, we designed a series of tests and grades for resolvers based on each test's results. Based on the tests' outcomes we classify...
Dr
Xuebiao Yuchi
(CNNIC)
12/05/2013, 14:20
OARC Public Workshop
Recursive DNS is used to resolve other people’s domains. In order to investigate the security, stability and resiliency of recuisive DNS used in China, we bulit a nationwide distributed platform to monitor the status of recursive DNS, including all recursive DNS deployed by the three largest ISPs in China. After analyzing these data generated from this platform, some valuable information for...
Duane Wessels
(Verisign)
12/05/2013, 14:40
OARC Public Workshop
Recent attacks bring renewed attention to the millions of open resolvers on the Internet. Discovery of open resolvers has traditionally been done by wide-scale surveys of known name servers or address space. Such surveys suffer from a few problems: (1) probing traffic may be seen as abusive; (2) the desire to provide open resolver addresses to the "good guys" but keep them away from the "bad...
Jared Mauch
(NTT America)
12/05/2013, 15:00
OARC Public Workshop
The Open Resolver Project has been performing scans of the entire IPv4 space weekly and has turned up interesting trends and data about the behavior of hosts on the Internet. Many networks and CPE devices pose a risk in replying to DNS traffic, many times in ways that are unexpected or unintended. We are sharing trends and data on our observations, including providing raw data for derivative...
Duane Wessels
(Verisign),
Olafur Gudmundsson
(Shinkuro), Mr
Xuebiao Yuchi
(CNNIC),
jared mauch
(NTT)
12/05/2013, 15:20
