opportunityopenerdns
openerdns 时间:2021-05-02 阅读:(
)
1akamai's[stateoftheinternet]/SecurityBulletin11.
1OVERVIEW/PLXserthasbeenmonitoringanewtrendintheuseofDNSamplificationattacks.
AmplificationattacksarespecialtypesofDDoSattacksthataredesignedtogeneratelargeresponsepacketswithrelativelysmallrequests.
AttackersarecraftinglargeDNSTXT(text)recordstoincreaseamplification,magnifyingtheimpactoftheattack.
Forexample,severalcampaignsobservedsinceOctober4,2014containfragmentsoftexttakenfrompressreleasesissuedbytheWhiteHouse.
PLXsertsuspectsthattheDNSfloodertoolcontinuestobeusedinthesecampaigns.
BycraftingtheirownTXTrecords,attackerscanamplifyresponsesasdesiredanddirectthistraffictotargetedsites,including—butnotlimitedto—DNSservers.
Theamplifiedtrafficresponsecouldeventuallyoverwhelmthetargetedsiteandrenderitunabletorespondtoanyrequests.
AttackershaveusedlargeTXTrecordsinreflectionattacksinthepast.
PreviousvictimsofDNSamplificationattacksusingTXTrecordsincludesitessuchasisc.
organdmany.
govsites.
Withthisnewthreat,maliciousactorsarenowcraftingtheTXTrecordstoprovidethelargestresponsesizepossible,therebyhavingasmuchimpactaspossible.
TheTXTrecordsintheOctober2014attackshavebeenidentifiedasoriginatingfromtheguessinfosys.
comdomain.
1.
2HIGHLIGHTEDATTRIBUTESAttackstatistics§Peakbandwidth:4.
3Gigabitspersecond(Gbps)§Attackvectors:DNSreflectionandamplification§Sourceport(s):53§Destinationport(s):80,random1SECURITYBULLETIN:CRAFTEDDNSTEXTATTACKGSIID:1082TLP:GREEN11.
11.
14RISKFACTOR-MEDIUM2akamai's[stateoftheinternet]/SecurityBulletin2Primarytargets§Entertainment§Education§HightechconsultingSamplepayloads21:38:55.
972524IPX.
X.
X.
X.
53>X.
X.
X.
X.
52967:585613/0/3A50.
63.
202.
58,NSns71.
domaincontrol.
com.
,NSns72.
domaincontrol.
com.
,SOA,MXmailstore1.
secureserver.
net.
10,MXsmtp.
secureserver.
net.
0,TXT"PresidentObamaistakingactiontohelpensureopportunityforallAmericans.
PresidentObamaSigning13:43:36.
094522IPX.
X.
X.
X.
53>X.
X.
X.
X.
52506:1153210/13/16TXT"PresidenftxtObamaistakingaction",TXT[|domain]13:43:36.
094854IPX.
X.
X.
X.
53>X.
X.
X.
X.
5926:3540810/13/16TXT"Presidentalsooutlines""thedetailsaboutthetransmissionandtreatmentofEbola",TXT[|domain]2Figure1:TheentertainmentindustrywasthemaintargetoftheOctober2014DNSreflectionattacks.
3akamai's[stateoftheinternet]/SecurityBulletin33guessinfosys.
com.
85964INTXT"PresidentObamaistakingactiontohelpensureopportunityforallAmericans.
PresidentObamaSigningLegislationMyFrontPorchAmericansacrossthePresidentObamaistakingactiontohelpensureopportunityforallAmericans.
PresidentObamaSigningLe""gislationMyFrontPorchAmericansacrossthe"guessinfosys.
com.
85964INTXT"PresidentxtObamaistakingactiontohelpensureopportunityforallAmericans.
PresidentObamaSigningLegislationMyFrontPorchAmericansacrossthePresidentObamaistakingactiontohelpensureopportunityforallAmericans.
PresidentObamaSigning""LegislationMyFrontPorchAmericansacrossthe"guessinfosys.
com.
85964INTXT"PresidenftxtObamaistakingactiontohelpensureopportunityforallAmericans.
PresidentObamaSigningLegislationMyFrontPorchAmericansacrossthePresidentObamaistakingactiontohelpensureopportunityforallAmericans.
PresidentObamaSigning""LegislationMyFrontPorchAmericansacrossthe"guessinfosys.
com.
85964INTXT"InavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismornin""gInavideoreleasedthismorningInavideoreleasedthismorning,PresidentObamaaddressesthepeopleofWestAfricaabouttheEbolaoutbreakthatiscurrentlyaffectingthecountriesofLiberia,SierraLeone,Guinea,andNigeria.
ThePresidentreiterate""sinthevideothat,alongwithourpartnersaroundtheworld,theUnitedStatesisworkingwiththesecountries'governmentstohelpstopthedisease.
Thefirststepinthisfight,however,isknowingthefacts--whichiswhythePresidentalsooutlines""thedetailsaboutthetransmissionandtreatmentofEbola"guessinfosys.
com.
85964INTXT"InavideorInavideoreleasedthismorningeleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismornin""gInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorning"guessinfosys.
com.
85964INTXT"InaviddeorInavideoreleasedthismorningeleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorni""ngInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorning"guessinfosys.
com.
85964INTXT"InaviddeofrInavideoreleasedthismorningeleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorn""ingInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorningInavideoreleasedthismorning"Maliciousrequestsforguessinfosys.
comcanbeobservedinthewildonanongoingbasis.
Theserequestsattempttouseopenresolversasintermediatevictimstoreflectattacktrafficbacktoatarget.
Forthemostpart,theusefulnessofthesemaliciousdomainsdropsoffafterafewdaysasserveradminsbegintoblockofftherequests.
Figure2:Digresultsforguessinfosys.
comTXTrecordsshowmultipleTXTstringsliftedfromWhiteHousepressreleases4akamai's[stateoftheinternet]/SecurityBulletin4418:11:32.
433099IPX.
X.
X.
X.
16484>X.
X.
X.
X.
53:37834+[1au]ANYguessinfosys.
com.
(45).
.
.
.
E.
.
Ib.
.
.
.
.
.
.
Ma.
.
.
.
Fx@d.
5.
5.
guessinfosys.
com.
1.
3MITIGATION/DNSreflectionandamplificationattacksmakeuseofthesametacticsusedbyothertypesofreflectioncampaigns,suchasSNMP,SSDPorCHARGEN.
Theprimaryimpacttothetargetedserviceistheoverallbandwidthgenerated.
DNSreflectionattackscanbemitigatedsuccessfullyatthenetworkedge.
Anaccesscontrollist(ACL)wouldsufficebutonlyincaseswhereavailablebandwidthexceedsattacksize.
SomeDNSserverswillattempttoretrytheresponseusingTCP,butwhentherequestissenttothetargethost,notransferwilloccurandtheattemptwillfail.
DDoScloud-basedprotectionservicessuchastheoneprovidedbyAkamaiTechnologiesarerecommended.
Status:PLXsertiscurrentlymonitoringongoingcampaigns.
Futureadvisoriesandupdateswillbeprovidedifwarranted.
Figure3:Aguessinfosys.
comrequestattemptingtoreflecttrafficoffacustomerDNSserverFigure4:TheOctober2014craftedDNSTXTamplificationattackslastedmorethanfivehoursduringeachattackandpeakedatmorethan15hoursonOctober245akamai's[stateoftheinternet]/SecurityBulletinTheProlexicSecurityEngineeringandResearchTeam(PLXsert)monitorsmaliciouscyberthreatsgloballyandanalyzestheseattacksusingproprietarytechniquesandequipment.
Throughresearch,digitalforensicsandpost-eventanalysis,PLXsertisabletobuildaglobalviewofsecuritythreats,vulnerabilitiesandtrends,whichissharedwithcustomersandthesecuritycommunity.
Byidentifyingthesourcesandassociatedattributesofindividualattacks,alongwithbestpracticestoidentifyandmitigatesecuritythreatsandvulnerabilities,PLXserthelpsorganizationsmakemoreinformed,proactivedecisions.
Akamaiisaleadingproviderofcloudservicesfordelivering,optimizingandsecuringonlinecontentandbusinessapplications.
Atthecoreofthecompany'ssolutionsistheAkamaiIntelligentPlatformprovidingextensivereach,coupledwithunmatchedreliability,security,visibilityandexpertise.
Akamairemovesthecomplexitiesofconnectingtheincreasinglymobileworld,supporting24/7consumerdemand,andenablingenterprisestosecurelyleveragethecloud.
TolearnmoreabouthowAkamaiisacceleratingthepaceofinnovationinahyperconnectedworld,pleasevisitwww.
akamai.
comorblogs.
akamai.
com,andfollow@AkamaionTwitter.
AkamaiisheadquarteredinCambridge,MassachusettsintheUnitedStateswithoperationsinmorethan40officesaroundtheworld.
OurservicesandrenownedcustomercareenablebusinessestoprovideanunparalleledInternetexperiencefortheircustomersworldwide.
Addresses,phonenumbersandcontactinformationforalllocationsarelistedonwww.
akamai.
com/locations2014AkamaiTechnologies,Inc.
AllRightsReserved.
Reproductioninwholeorinpartinanyformormediumwithoutexpresswrittenpermissionisprohibited.
AkamaiandtheAkamaiwavelogoareregisteredtrademarks.
Othertrademarkscontainedhereinarethepropertyoftheirrespectiveowners.
Akamaibelievesthattheinformationinthispublicationisaccurateasofitspublicationdate;suchinformationissubjecttochangewithoutnotice.
Published10/14.
5ABOUTPROLEXICSECURITYENGINEERING&RESEARCHTEAM(PLXSERT)/PLXsertmonitorsmaliciouscyberthreatsgloballyandanalyzestheseattacksusingproprietarytechniquesandequipment.
Throughresearch,digitalforensicsandpost-eventanalysis,PLXsertisabletobuildaglobalviewofsecuritythreats,vulnerabilitiesandtrends,whichissharedwithcustomersandthesecuritycommunity.
Byidentifyingthesourcesandassociatedattributesofindividualattacks,alongwithbestpracticestoidentifyandmitigatesecuritythreatsandvulnerabilities,PLXserthelpsorganizationsmakemoreinformed,proactivedecisions.
ABOUTAKAMAI/Akamaiistheleadingproviderofcloudservicesfordelivering,optimizingandsecuringonlinecontentandbusinessapplications.
AtthecoreoftheCompany'ssolutionsistheAkamaiIntelligentPlatformprovidingextensivereach,coupledwithunmatchedreliability,security,visibilityandexpertise.
Akamairemovesthecomplexitiesofconnectingtheincreasinglymobileworld,supporting24/7consumerdemand,andenablingenterprisestosecurelyleveragethecloud.
TolearnmoreabouthowAkamaiisacceleratingthepaceofinnovationinahyperconnectedworld,pleasevisitwww.
akamai.
comorblogs.
akamai.
com,andfollow@AkamaionTwitter.
香港ceranetworks提速啦是成立于2012年的十分老牌的一个商家这次给大家评测的是 香港ceranetworks 8核16G 100M 这款产品 提速啦老板真的是豪气每次都给高配我测试 不像别的商家每次就给1核1G,废话不多说开始跑脚本。香港ceranetworks 2核2G 50G硬盘20M 69元/月30M 99元/月50M 219元/月100M 519元/月香港ceranetwork...
数脉科技(shuhost)8月促销:香港独立服务器,自营BGP、CN2+BGP、阿里云线路,新客立减400港币/月,老用户按照优惠码减免!香港服务器带宽可选10Mbps、30Mbps、50Mbps、100Mbps带宽,支持中文本Windows、Linux等系统。数脉香港特价阿里云10MbpsCN2,e3-1230v2,16G内存,1T HDD 或 240G SSD,10Mbps带宽,IPv41个,...
RAKsmart 商家这几年还是在做事情的,虽然他们家顺带做的VPS主机并不是主营业务,毕竟当下的基础云服务器竞争过于激烈,他们家主营业务的独立服务器。包括在去年开始有新增多个数据中心独立服务器,包括有10G带宽的不限流量的独立服务器。当然,如果有需要便宜VPS主机的他们家也是有的,比如有最低月付1.99美元的美国VPS主机,而且可选安装Windows系统。这里商家有提供下面六款六月份的活动便宜V...
openerdns为你推荐
用户googleaccess数据库修复求救,ACCESS数据库破坏了,怎么修复?360防火墙在哪里怎么查找到360防火墙在自己电脑里的位置?并且关闭掉360防火墙在哪里360防火墙资费标准电信4G套餐?腾讯公司电话腾讯公司总部电话多少泉州商标注册泉州注册一个商标具体要怎么弄?具体流程是什么?123456hd手机上有电话的标志,后面有个HD是什么意思如何发帖子网上怎么发帖子?香港空间香港有哪些购物场所
星星海 blackfriday uk2 edis 网通服务器ip dd444 数字域名 免费申请个人网站 789电视剧 空间租赁 网通服务器 秒杀品 学生服务器 可外链的相册 脚本大全 .htaccess fatcow 架设代理服务器 symantec 低价 更多