The Closed Resolver Project

IP address spoofing has been a well-known security issue for a long time. It enables potential attackers to change their genuine IP addresses and become untraceable. The most efficient way to fight this problem is to perform packet filtering at the network edge, also known as Source Address Validation (SAV). Together with our partners from Université Grenoble Alpes we evaluate the SAV deployment of inbound traffic by sending DNS A requests to local resolvers on behalf of other hosts of tested networks. Not only we check filtering policies, but also reveal closed resolvers, not seen from outside otherwise.

Are you vulnerable?

Our partners from Université Grenoble Alpes periodically scan the whole routable IPv4 address space and a targeted list of IPv6 addresses to identify vulnerable networks. If you want to test your own network, please contact us.

Results

We calculate the proportion of /24 IPv4 networks confirmed to be vulnerable to inbound spoofing vs. all the networks per country. Note, that this is the lower bound estimate of the problem. Check the map below:

Papers

We describe our findings in greater detail in the following publications:

Maciej Korczyński, Yevheniya Nosyk, Qasim Lone, Marcin Skwarek, Baptiste Jonglez, and Andrzej Duda. March 2020. Don't Forget to Lock the Front Door! Inferring the Deployment of Source Address Validation of Inbound Traffic. In Passive and Active Measurement Conference. Springer, 107-121. Download Show citation

                        
    @inproceedings{korczynski2020pam,
            title = {{Don't Forget to Lock the Front Door! Inferring the Deployment of Source Address Validation of Inbound Traffic}},
            author = {Korczy\'{n}ski, Maciej and Nosyk, Yevheniya and Lone, Qasim and Skwarek, Marcin and Jonglez, Baptiste and Duda, Andrzej},
            booktitle = {Proceedings of the 21st International Conference on Passive and Active Measurement},
            series = {Lecture Notes in Computer Science},
            publisher = {Springer},
            pages = {107--121},
            year = {2020},
            doi = {10.1007/978-3-030-44081-7\_7}
        }

Yevheniya Nosyk, Maciej Korczyński, Qasim Lone, Marcin Skwarek, Baptiste Jonglez, and Andrzej Duda. May 2020. The Closed Resolver Project: Measuring the Deployment of Source Address Validation of Inbound Traffic. In IEEE/ACM ransactions on Networking. Download Show citation

                        
    @misc{nosyk2023closed,
            title={The Closed Resolver Project: Measuring the Deployment of Source Address Validation of Inbound Traffic},
            author={Yevheniya Nosyk and Maciej Korczy\'{n}ski and Qasim Lone and Marcin Skwarek and Baptiste Jonglez and Andrzej Duda},
            year={2023},
            journal={IEEE/ACM Transactions on Networking}, 
            pages={1-15},
            doi={10.1109/TNET.2023.3257413}
        }

Maciej Korczyński, Yevheniya Nosyk, Qasim Lone, Marcin Skwarek, Baptiste Jonglez, and Andrzej Duda. July 2020. Inferring the Deployment of Inbound Source Address Validation Using DNS Resolvers. In Applied Networking Research Workshop 2020 (ANRW'20). Download Show citation

                        
    @inproceedings{korczyski2020anrw,
            title = {Inferring the Deployment of Inbound Source Address Validation Using DNS Resolvers},
            author = {Korczy\'{n}ski, Maciej and Nosyk, Yevheniya and Lone, Qasim and Skwarek, Marcin and Jonglez, Baptiste and Duda, Andrzej},
            booktitle = {Proceedings of the Applied Networking Research Workshop},      
            series = {ANRW '20}
            publisher = {Association for Computing Machinery},
            pages = {9-11},
            year = {2020},
            doi = {10.1145/3404868.3406668}           
        }

News

[2023.03.27] Our paper, titled "The Closed Resolver Project: Measuring the Deployment of Inbound Source Address Validation" was published at the IEEE/ACM Transactions on Networking journal.
[2021.01.01] RIPE NCC and NCSC-NL have joined the project.
[2020.10.29] We also featured The Closed Resolver Project on RIPE Labs.
[2020.10.05] We wrote a post for APNIC Blog describing our project.
[2020.06.11] We extended our previously published paper with the IPv6 measurent results.
[2020.05.29] The Closed Resolver Project will be presented at Applied Networking Research Workshop 2020 (ANRW'20).
[2020.03.12] We started measurements in the IPv6 address space.
[2020.02.12] This website is up.
[2019.12.20] Our paper, titled "Don't Forget to Lock the Front Door! Inferring the Deployment of Source Address Validation of Inbound Traffic", was accepted to The Passive and Active Measurement Conference 2020.
[2019.02.14] The Closed Resolver Project started.

Any questions? Contact us!

If you want to find out more about our project, have your network tested or wish to exclude your network from our scanning activities, please contact us.

Partners

This work is partially funded by the IDEX Université Grenoble Alpes "Initiative de Recherche Scientifique" within the framework of the PrevDDoS project, the Grenoble Alpes Cybersecurity Institute CYBER@ALPS, NCSC-NL, RIPE NCC and LSI Carnot.