A US company has named over 50 Australian network operators for helping supercharge a three-week distributed denial of service (DDoS) attack on one of its customers, but an Australian network engineer says the companies blamed probably aren’t at fault.

CloudFlare, a US-based website accelerator that recently opened a Sydney point of connection, has identified over 1,200 open DNS (domain name service) resolvers within Australia that helped make a botnet-controlled DDoS attack on its client large enough to rattle most businesses.

The top Australian “offender” that supported the 20 Gbps attack is Telstra, with 180 open DNS resolvers, followed by Austdomains.com.au, TPG, Uber Global and Net Logistics. The companies all had over 100 open DNS resolvers. Uber itself was the target of a DDoS attack that took it offline for over an hour this week.

DNS is the equivalent of a telephone directory that matches IP addresses with the name given to websites, while DNS resolvers act as a Directory Assistance service that helps users interact with the underlying database.

Criminals that launch a DDoS are exploiting open DNS resolvers because the response to a DNS query is much larger than the initial request, according to CloudFlare’s CEO Matthew Prince. By hitting an open DNS server, an attacker can amplify a DDoS attack.

The problem for DDoS victims stems from the failure to verify the authenticity of the source of a request, says Prince. That means criminals can spoof a UDP request that is 64 bytes in size and can draw a response that is 50 times larger.

The pay-off for criminals exploiting the absence of a check is that they can significantly amplify their attacks -- or launch larger attacks without having so many zombie PCs.

"Some of the Australian networks have been helpful in beginning to clean up their space, some have not. We reached out to AU Cert, which is the organization to which you generally report network threats, but have not yet received a response," Prince told cso.com.au.

While a 20 Gbps DDoS is large, DDoS protection service Prolexic declared it “the new norm” in October. Attacks on Chinese companies regularly reach 45 Gbps, while Prolexic and rival Arbor Networks have recorded attacks greater than 100 Gbps in the last year.

The Australian companies in CloudFlare’s list of culprits included iiNet-owned ISP Internode, which had over 80 open resolvers that were used in the attack against CloudFlare’s client.

But that doesn’t mean Internode itself actually had 80 open DNS resolvers, according to network engineer Mark Newton.

“I'd be surprised if the ones run by Internode themselves weren't locked down,” Newton told CSO.com.au.

The problem that CloudFlare has identified more likely stems from operators’ customers.

“It’s probably more accurate to say that Internode customers have around 80 open DNS resolvers,” said Newton.

“If you happen to be a Telstra customer and you run up an instance of BIND on a Linux box at home and port-forward it to the outside world, it's hardly fair for that to count as an open resolver on Telstra's network, is it?”

One reason DNS resolvers remain open is that BIND -- the dominant DNS software -- is open by default in most operating systems, said Newton.

CloudFlare’s list of offenders might incorrectly blame operators, but the concern it raised is nonetheless legitimate.

“It isn't hard to use an [Access Control List] to close it, but most people don't bother,” said Newton.
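
The access control list fix described above, sketched as a BIND `named.conf` fragment. This is an added example, not configuration from the article or from any operator it names; the ACL name `trusted-clients` and the 192.0.2.0/24 network are placeholders.

```conf
// named.conf fragment (added example; names and addresses are placeholders)

// Open resolver: recursive queries are answered for any source address,
// so a spoofed UDP query draws a large response toward the victim.
// options {
//     recursion yes;
//     allow-recursion { any; };
// };

// Restricted resolver: only the listed client networks may recurse
// or read cached answers.
acl "trusted-clients" {
    localhost;
    localnets;
    192.0.2.0/24;        // placeholder: replace with your own client ranges
};

options {
    recursion yes;
    allow-recursion   { "trusted-clients"; };
    allow-query-cache { "trusted-clients"; };
};

// A server that is authoritative-only needs no recursion at all:
// options { recursion no; };
```

Run `named-checkconf` on the edited file before reloading, then query the server from an address outside the ACL and confirm the reply status is REFUSED.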