Distributed Denial of Service (DDoS) is a type of Internet attack in which a malicious actor overwhelms a target host by sending it a large amount of network traffic. To do so, attackers usually misuse hosts on the Internet that openly run connectionless networking protocols such as the Domain Name System (DNS), the Network Time Protocol (NTP) and memcache, to name a few. In this research we study open DNS resolvers as one of the services frequently abused in DDoS attacks.
We send DNS queries to all routable IPv4 addresses (typically on a weekly basis). These queries are for subdomains of the research.openresolve.rs domain, which serves as an indication for network administrators of how to contact us. When a host is detected to be recursively resolving our DNS request, we perform extra queries to further study its behaviour.
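For administrators who want to see what "recursively resolving" looks like on the wire, the following added example (not the project's own code) classifies a raw DNS reply from its header fields. The criterion used (RA set, NOERROR, at least one answer) is an assumption rather than the project's stated method, and the function names, the query label and the sample replies are constructed for illustration.

```python
import struct

QR, RD, RA = 0x8000, 0x0100, 0x0080   # DNS header flag bits (RFC 1035)
REFUSED = 5                           # RCODE 5

def build_query(qname, txid=0x1A2B):
    """Minimal A/IN query with RD=1, i.e. asking the host to recurse."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.rstrip(".").split("."))
    return (struct.pack("!6H", txid, RD, 1, 0, 0, 0)
            + labels + b"\x00" + struct.pack("!2H", 1, 1))

def sample_response(query, flags, ancount):
    """Constructed reply: echoes the question, optional A record 192.0.2.1."""
    rr = b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
    return (query[:2] + struct.pack("!5H", flags, 1, ancount, 0, 0)
            + query[12:] + rr * ancount)

def classify_response(query, response):
    """Decide how a host treated a recursive query from an outside client."""
    if len(response) < 12:
        return "malformed"
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", response[:12])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & QR:
        return "mismatch"            # not a reply to this query
    rcode = flags & 0x000F
    if rcode == REFUSED:
        return "refused"             # recursion denied to this client
    if flags & RA and rcode == 0 and ancount > 0:
        return "open-recursive"      # recursed and answered an outside client
    return "not-recursive"           # e.g. referral or empty answer

# Constructed query name; only the parent domain comes from the page.
QUERY = build_query("constructed-label.research.openresolve.rs")

if __name__ == "__main__":
    for name, flags, an in [("answers", QR | RD | RA, 1),
                            ("refuses", QR | RD | REFUSED, 0),
                            ("referral", QR | RD, 0)]:
        print(name, classify_response(QUERY, sample_response(QUERY, flags, an)))
```

A host that returns "refused" or "not-recursive" to clients outside its own network is not acting as an open resolver under this criterion.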
If you wish to be excluded from our scans, you can contact us by sending an email to r.yazdani[at]utwente.nl that includes the CIDRs you want excluded. You will need to provide proof that you have authority over the CIDRs that you want to be whitelisted.