opportunityopenerdns
openerdns 时间:2021-05-02 阅读:(
)
1akamai's[stateoftheinternet]/SecurityBulletin11.
1OVERVIEW/PLXserthasbeenmonitoringanewtrendintheuseofDNSamplificationattacks.
AmplificationattacksarespecialtypesofDDoSattacksthataredesignedtogeneratelargeresponsepacketswithrelativelysmallrequests.
AttackersarecraftinglargeDNSTXT(text)recordstoincreaseamplification,magnifyingtheimpactoftheattack.
Forexample,severalcampaignsobservedsinceOctober4,2014containfragmentsoftexttakenfrompressreleasesissuedbytheWhiteHouse.
PLXsertsuspectsthattheDNSfloodertoolcontinuestobeusedinthesecampaigns.
BycraftingtheirownTXTrecords,attackerscanamplifyresponsesasdesiredanddirectthistraffictotargetedsites,including—butnotlimitedto—DNSservers.
Theamplifiedtrafficresponsecouldeventuallyoverwhelmthetargetedsiteandrenderitunabletorespondtoanyrequests.
AttackershaveusedlargeTXTrecordsinreflectionattacksinthepast.
PreviousvictimsofDNSamplificationattacksusingTXTrecordsincludesitessuchasisc.
organdmany.
govsites.
Withthisnewthreat,maliciousactorsarenowcraftingtheTXTrecordstoprovidethelargestresponsesizepossible,therebyhavingasmuchimpactaspossible.
TheTXTrecordsintheOctober2014attackshavebeenidentifiedasoriginatingfromtheguessinfosys.
comdomain.
1.
2HIGHLIGHTEDATTRIBUTESAttackstatistics§Peakbandwidth:4.
3Gigabitspersecond(Gbps)§Attackvectors:DNSreflectionandamplification§Sourceport(s):53§Destinationport(s):80,random1SECURITYBULLETIN:CRAFTEDDNSTEXTATTACKGSIID:1082TLP:GREEN11.
11.
14RISKFACTOR-MEDIUM2akamai's[stateoftheinternet]/SecurityBulletin2Primarytargets§Entertainment§Education§HightechconsultingSamplepayloads21:38:55.
972524IPX.
X.
X.
X.
53>X.
X.
X.
X.
52967:585613/0/3A50.
63.
202.
58,NSns71.
domaincontrol.
com.
,NSns72.
domaincontrol.
com.
,SOA,MXmailstore1.
secureserver.
net.
10,MXsmtp.
secureserver.
net.
0,TXT"PresidentObamaistakingactiontohelpensureopportunityforallAmericans.
PresidentObamaSigning13:43:36.
094522IPX.
X.
X.
X.
53>X.
X.
X.
X.
52506:1153210/13/16TXT"PresidenftxtObamaistakingaction",TXT[|domain]13:43:36.
094854IPX.
X.
X.
X.
53>X.
X.
X.
X.
5926:3540810/13/16TXT"Presidentalsooutlines""thedetailsaboutthetransmissionandtreatmentofEbola",TXT[|domain]2Figure1:TheentertainmentindustrywasthemaintargetoftheOctober2014DNSreflectionattacks.
3akamai's[stateoftheinternet]/SecurityBulletin33guessinfosys.
com.
85964INTXT"PresidentObamaistakingactiontohelpensureopportunityforallAmericans.
PresidentObamaSigningLegislationMyFrontPorchAmericansacrossthePresidentObamaistakingactiontohelpensureopportunityforallAmericans.
PresidentObamaSigningLe""gislationMyFrontPorchAmericansacrossthe"guessinfosys.
com.
85964INTXT"PresidentxtObamaistakingactiontohelpensureopportunityforallAmericans.
PresidentObamaSigningLegislationMyFrontPorchAmericansacrossthePresidentObamaistakingactiontohelpensureopportunityforallAmericans.
PresidentObamaSigning""LegislationMyFrontPorchAmericansacrossthe"guessinfosys.
com.
85964INTXT"PresidenftxtObamaistakingactiontohelpensureopportunityforallAmericans.
PresidentObamaSigningLegislationMyFrontPorchAmericansacrossthePresidentObamaistakingactiontohelpensureopportunityforallAmericans.
PresidentObamaSigning""LegislationMyFrontPorchAmericansacrossthe"guessinfosys.
com.
85964INTXT"InavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismornin""gInavideoreleasedthismorningInavideoreleasedthismorning,PresidentObamaaddressesthepeopleofWestAfricaabouttheEbolaoutbreakthatiscurrentlyaffectingthecountriesofLiberia,SierraLeone,Guinea,andNigeria.
ThePresidentreiterate""sinthevideothat,alongwithourpartnersaroundtheworld,theUnitedStatesisworkingwiththesecountries'governmentstohelpstopthedisease.
Thefirststepinthisfight,however,isknowingthefacts--whichiswhythePresidentalsooutlines""thedetailsaboutthetransmissionandtreatmentofEbola"guessinfosys.
com.
85964INTXT"InavideorInavideoreleasedthismorningeleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismornin""gInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorning"guessinfosys.
com.
85964INTXT"InaviddeorInavideoreleasedthismorningeleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorni""ngInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorning"guessinfosys.
com.
85964INTXT"InaviddeofrInavideoreleasedthismorningeleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorn""ingInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorning"Maliciousrequestsforguessinfosys.
comcanbeobservedinthewildonanongoingbasis.
Theserequestsattempttouseopenresolversasintermediatevictimstoreflectattacktrafficbacktoatarget.
Forthemostpart,theusefulnessofthesemaliciousdomainsdropsoffafterafewdaysasserveradminsbegintoblockofftherequests.
Figure2:Digresultsforguessinfosys.
comTXTrecordsshowmultipleTXTstringsliftedfromWhiteHousepressreleases4akamai's[stateoftheinternet]/SecurityBulletin4418:11:32.
433099IPX.
X.
X.
X.
16484>X.
X.
X.
X.
53:37834+[1au]ANYguessinfosys.
com.
(45).
.
.
.
E.
.
Ib.
.
.
.
.
.
.
Ma.
.
.
.
Fx@d.
5.
5.
guessinfosys.
com.
1.
3MITIGATION/DNSreflectionandamplificationattacksmakeuseofthesametacticsusedbyothertypesofreflectioncampaigns,suchasSNMP,SSDPorCHARGEN.
Theprimaryimpacttothetargetedserviceistheoverallbandwidthgenerated.
DNSreflectionattackscanbemitigatedsuccessfullyatthenetworkedge.
Anaccesscontrollist(ACL)wouldsufficebutonlyincaseswhereavailablebandwidthexceedsattacksize.
SomeDNSserverswillattempttoretrytheresponseusingTCP,butwhentherequestissenttothetargethost,notransferwilloccurandtheattemptwillfail.
DDoScloud-basedprotectionservicessuchastheoneprovidedbyAkamaiTechnologiesarerecommended.
Status:PLXsertiscurrentlymonitoringongoingcampaigns.
Futureadvisoriesandupdateswillbeprovidedifwarranted.
Figure3:Aguessinfosys.
comrequestattemptingtoreflecttrafficoffacustomerDNSserverFigure4:TheOctober2014craftedDNSTXTamplificationattackslastedmorethanfivehoursduringeachattackandpeakedatmorethan15hoursonOctober245akamai's[stateoftheinternet]/SecurityBulletinTheProlexicSecurityEngineeringandResearchTeam(PLXsert)monitorsmaliciouscyberthreatsgloballyandanalyzestheseattacksusingproprietarytechniquesandequipment.
Throughresearch,digitalforensicsandpost-eventanalysis,PLXsertisabletobuildaglobalviewofsecuritythreats,vulnerabilitiesandtrends,whichissharedwithcustomersandthesecuritycommunity.
Byidentifyingthesourcesandassociatedattributesofindividualattacks,alongwithbestpracticestoidentifyandmitigatesecuritythreatsandvulnerabilities,PLXserthelpsorganizationsmakemoreinformed,proactivedecisions.
Akamaiisaleadingproviderofcloudservicesfordelivering,optimizingandsecuringonlinecontentandbusinessapplications.
Atthecoreofthecompany'ssolutionsistheAkamaiIntelligentPlatformprovidingextensivereach,coupledwithunmatchedreliability,security,visibilityandexpertise.
Akamairemovesthecomplexitiesofconnectingtheincreasinglymobileworld,supporting24/7consumerdemand,andenablingenterprisestosecurelyleveragethecloud.
TolearnmoreabouthowAkamaiisacceleratingthepaceofinnovationinahyperconnectedworld,pleasevisitwww.
akamai.
comorblogs.
akamai.
com,andfollow@AkamaionTwitter.
AkamaiisheadquarteredinCambridge,MassachusettsintheUnitedStateswithoperationsinmorethan40officesaroundtheworld.
OurservicesandrenownedcustomercareenablebusinessestoprovideanunparalleledInternetexperiencefortheircustomersworldwide.
Addresses,phonenumbersandcontactinformationforalllocationsarelistedonwww.
akamai.
com/locations2014AkamaiTechnologies,Inc.
AllRightsReserved.
Reproductioninwholeorinpartinanyformormediumwithoutexpresswrittenpermissionisprohibited.
AkamaiandtheAkamaiwavelogoareregisteredtrademarks.
Othertrademarkscontainedhereinarethepropertyoftheirrespectiveowners.
Akamaibelievesthattheinformationinthispublicationisaccurateasofitspublicationdate;suchinformationissubjecttochangewithoutnotice.
Published10/14.
5ABOUTPROLEXICSECURITYENGINEERING&RESEARCHTEAM(PLXSERT)/PLXsertmonitorsmaliciouscyberthreatsgloballyandanalyzestheseattacksusingproprietarytechniquesandequipment.
Throughresearch,digitalforensicsandpost-eventanalysis,PLXsertisabletobuildaglobalviewofsecuritythreats,vulnerabilitiesandtrends,whichissharedwithcustomersandthesecuritycommunity.
Byidentifyingthesourcesandassociatedattributesofindividualattacks,alongwithbestpracticestoidentifyandmitigatesecuritythreatsandvulnerabilities,PLXserthelpsorganizationsmakemoreinformed,proactivedecisions.
ABOUTAKAMAI/Akamaiistheleadingproviderofcloudservicesfordelivering,optimizingandsecuringonlinecontentandbusinessapplications.
AtthecoreoftheCompany'ssolutionsistheAkamaiIntelligentPlatformprovidingextensivereach,coupledwithunmatchedreliability,security,visibilityandexpertise.
Akamairemovesthecomplexitiesofconnectingtheincreasinglymobileworld,supporting24/7consumerdemand,andenablingenterprisestosecurelyleveragethecloud.
TolearnmoreabouthowAkamaiisacceleratingthepaceofinnovationinahyperconnectedworld,pleasevisitwww.
akamai.
comorblogs.
akamai.
com,andfollow@AkamaionTwitter.
数脉科技六月优惠促销发布了!数脉科技对香港自营机房的香港服务器进行超低价促销,可选择30M、50M、100Mbps的优质bgp网络。更大带宽可在选购时选择同样享受优惠,目前仅提供HKBGP、阿里云产品,香港CN2、产品优惠码续费有效,仅限新购,每个客户可使用于一个订单。新客户可以立减400元,或者选择对应的机器用相应的优惠码,有需要的朋友可以尝试一下。点击进入:数脉科技官方网站地址数脉科技是一家成...
趣米云怎么样?趣米云是创建于2021年的国人IDC商家,虽然刚刚成立,但站长早期为3家IDC提供技术服务,已从业2年之久,目前主要从事出售香港vps、香港独立服务器、香港站群服务器等,目前在售VPS线路有三网CN2、CN2 GIA,该公司旗下产品均采用KVM虚拟化架构。由于内存资源大部分已售,而IP大量闲置,因此我们本月新增1c1g优惠套餐。点击进入:趣米云官方网站地址香港三网CN2云服务器机型活...
数脉科技怎么样?昨天看到数脉科技发布了7月优惠,如果你想购买香港服务器,可以看看他家的产品,性价比还是非常高的。数脉科技对香港自营机房的香港服务器进行超低价促销,可选择10M、30M的优质bgp网络。目前商家有优质BGP、CN2、阿里云线路,国内用户用来做站非常不错,目前E3/16GB阿里云CN2线路的套餐有一个立减400元的优惠,有需要的朋友可以看看。点击进入:数脉科技商家官方网站香港特价阿里云...
openerdns为你推荐
小企业如何做品牌中小企业如何树立品牌形象,提高知名度?sns平台社交网站是啥意思?phpcms模板PHPCMS V9模板360退出北京时间怎样让电脑时间与北京时间相同cuteftpCuteFTP 和FlashFXP是什么软件,有什么功能,怎样使用?重庆400年老树穿楼生长生长百年的老树,仍能不断生长,是因为主要有什么组织支付宝账户是什么支付宝的账号是什么啊支付宝注册网站支付宝申请流程是怎么样的??Aliasedinternal泉州商标注册请问泉州商标注册要怎么办理?在哪办理?
59.99美元 便宜建站 win8升级win10正式版 网页背景图片 华为网络硬盘 空间合租 阵亡将士纪念日 宿迁服务器 apnic 阿里云个人邮箱 国外代理服务器 免费主页空间 阿里云邮箱怎么注册 机柜尺寸 删除域名 防盗链 卡巴下载 vim命令 回程 赵 更多