header-frame

Have you noticed DNS scans from us on your network?

You can find all relevant information here!

About the project

Distributed Denial of Service (DDoS) is a type of Internet attacks in which a malicious actor overwhelms a target host by sending a large amount of network traffic. In order to do so, attackers usually misuse hosts on the Internet that are openly running connectionless networking protoclos such as Domain Name System (DNS), Network Time Protocol (NTP) and memcache, to name a few. In this research we aim to study open DNS resolvers as one of the services frequently abused in DDoS attacks.

alternative


alternative

What to expect

We send DNS queries to all routable IPv4 addresses (typically on a weekly basis). Doing so we query subdomains of research.openresolve.rs domain as an indication for network administrators to be able to contact us. In cases where a host is detected to be recursively resolving our DNS request, we would perform extra queries to further study its behaviour.



Whitelisting

If you wish to be excluded from our scans you can contact us by sending an email to r.yazdani[at]utwente.nl including the CIDRs that you want to be excluded from our scans . You would need to provide a proof that you have authority over the CIDRs that you want to be whitelisted.

Contact Us
alternative


Team Members

alternative
Ramin Yazdani
PhD student
DACS research group
University of Twente
r.yazdani[at]utwente[dot]nl
alternative
Anna Sperotto
Associate professor
DACS research group
University of Twente
a.sperotto[at]utwente[dot]nl
footer-frame