Are You a Zombie? How to Check for Open DNS Resolvers
The recent Distributed Denial of Service attack against international spam-fighting group Spamhaus used a technique called DNS reflection to direct huge amounts of traffic at Spamhaus, overloading their servers. This technique relies on using thousands of improperly configured DNS servers to amplify the DDoS attack, in this case by a factor of several hundred. There are plenty to find; the Open DNS Resolver Project has identified over 25 million such servers. Is yours (or your company's) one of them?
My Security Watch colleague Fahmida Rashid has a DNS resolver in her basement, but for most home and small business networks, DNS is just another service supplied by the ISP. A more likely spot for problems is a business big enough to have its own complete network infrastructure but not big enough to have a full-time network administrator. If I worked in such a company, I'd want to check my DNS resolver to make sure it couldn't be conscripted into a zombie army.