The Closed Resolver Project

IP address spoofing has been a well-known security issue for a long time. It enables potential attackers to change their genuine IP addresses and become untraceable. The most efficient way to fight this problem is to perform packet filtering at the network edge, also known as Source Address Validation (SAV). Together with our partners from Université Grenoble Alpes we evaluate the SAV deployment of inbound traffic by sending DNS A requests to local resolvers on behalf of other hosts of tested networks. Not only we check filtering policies, but also reveal closed resolvers, not seen from outside otherwise.

Are you vulnerable?

Our partners from Université Grenoble Alpes periodically scan the whole routable IPv4 address space and a targeted list of IPv6 addresses to identify vulnerable networks. If you want to test your own network, please contact us.

Results

We calculate the proportion of /24 IPv4 networks confirmed to be vulnerable to inbound spoofing vs. all the networks per country. Note, that this is the lower bound estimate of the problem. Check the map below:

Papers

We describe our findings in greater detail in the following publications:

News

Any questions? Contact us!

If you want to find out more about our project, have your network tested or wish to exclude your network from our scanning activities, please contact us.

Partners

This work is partially funded by the IDEX Université Grenoble Alpes "Initiative de Recherche Scientifique" within the framework of the PrevDDoS project, the Grenoble Alpes Cybersecurity Institute CYBER@ALPS, NCSC-NL, RIPE NCC and LSI Carnot.

Logos