Open Resolvers at Colleges

Open DNS resolvers are a hazard on the Internet, and networks that run them are bad neighbors.

Cloudflare explained the problem, named some worst offendors, and saw some progress in decreasing their numbers, as explained in this blog post from Feb, 2013:

Good Web Security News: Open DNS Resolvers Are Getting Closed

I wondered how much of the problem comes from colleges, so I downloaded the latest daily report from the Open Resolver Project (which seems to have stopped running on Nov. 12, 2013):

http://dns.measurement-factory.com/surveys/openresolvers/ASN-reports/

That report shows a total of 7170 Autonomous Systems with a total of 77,335 open resolvers. I found the ones with these words in their names: "University", "School", "College", "Institute", "Academic", or "Education". There were 493 Autonomous Systems in that category with a total of 3590 open resolvers, so colleges run about 4.6% of the world's open resolvers.

Here are the top 100 educational networks running open resolvers. I highlighted the ones that are obviously in the USA. There are a lot of them, and a lot of them are in California. We certainly are not setting a good example for security here!

Top USA Educational Open Resolvers

Notifications

I am trying to improve my notifications to make them more effective. Here are the latest improvements:

Using Bcc: to hopefully look less like spam
Careful subject line to avoid misunderstandings
Adding my Twitter profile at the top to make it easier for people to find out I'm a legitimate security professional
Linking to an obviously harmless mass media story explaining the issue, since some people are scared of my .info domain

Here is the letter I sent:

Security Problem on Your Network Hello: I am Sam Bowne, an Instructor in Computer Networking and Information Technology at City College San Francisco. If you want to know more about me, look at my Twitter profile: https://twitter.com/sambowne You are running open DNS resolvers on your network, which are frequently used by criminals for attacks on other networks. In fact, your network is one of the ten worst USA educational networks for this issue, as shown in the chart below. Here are the top ten USA educational networks with the number of open resolvers: 1 CSUNET-NW - California State University Network 103 2 ENA - Education Networks of America 64 3 ONENET-AS-1 - Oklahoma Network for Education Enrichment and 37 4 UNIV-ARIZ - University of Arizona 33 5 WISC-MADISON-AS - University of Wisconsin Madison 22 6 UIC-AS - University of Illinois at Chicago 20 7 UNIVHAWAII - University of Hawaii 19 8 UCSB-NET-AS - University of California, Santa Barbara 18 9 MORENET - University of Missouri - dba the Missouri Research 16 10 WEST-NET-WEST - Utah Education Network 15 This article discusses the problem and ways to fix it: http://www.informationweek.com/attacks/is-your-dns-server-a-weapon/d/d-id/1112013? I found this information as part of an ongoing research project into security problems on college networks. Details of my project are here: http://samsclass.info/125/proj11/college-security.htm
Feel free to contact me if I can be of any assistance.

I sent similar letters, notifying the schools approximately ten at a time.

Results

On 7-19-14, I downloaded today's data, from:

http://dns.measurement-factory.com/surveys/openresolvers/ASN-reports/20140719.html

which seems to be up again.

I compared the new numbers to the old, and found a 38% decrease in open resolvers, from a total of 682 to 421.

Only two colleges closed all ther resolvers:

WWU - Western Washington University
FIU - Florida International University

Two colleges increased their number of open resolvers:

UNM-AS - University of New Mexico
NIU - Northern Illinois University

Details

Posted 5:17 pm 12-16-13 by Sam Bowne
Updated with results 7-19-14