The Closed Resolver Project

IP address spoofing has been a well-known security issue for a long time. It enables potential attackers to change their genuine IP addresses and become untraceable. The most efficient way to fight this problem is to perform packet filtering at the network edge, also known as Source Address Validation (SAV). We evaluate the SAV deployment of inbound traffic by sending DNS A requests to local resolvers on behalf of other hosts of tested networks. Not only we check filtering policies, but also reveal closed resolvers, not seen from outside otherwise.

Are you vulnerable?

We periodically scan the whole routable IPv4 address space and a targeted list of IPv6 addresses to identify vulnerable networks. The latest tests were performed in October 2020. If you want to test your own network, please contact us.

You appear to be connecting from IP address
According to our latest measurements, we cannot determine if your network is vulnerable to inbound spoofing.


We calculate the proportion of /24 IPv4 networks confirmed to be vulnerable to inbound spoofing vs. all the networks per country. Note, that this is the lower bound estimate of the problem. Check the map below:


We describe our findings in greater detail in the following publications:


Any questions? Contact us!

If you want to find out more about our project, have your network tested or wish to exclude your network from our scanning activities, please write to us: maciej [dot] korczynski [a_t] univ-grenoble-alpes [dot] fr and/or yevheniya [dot] nosyk [a_t] etu [dot] univ-grenoble-alpes [dot] fr


This work is partially funded by the IDEX Université Grenoble Alpes "Initiative de Recherche Scientifique" within the framework of the PrevDDoS project and by the Grenoble Alpes Cybersecurity Institute CYBER@ALPS.