AOH :: IS1702.HTM

New-age cyber-attack inflicts major damage with modest means




New-age cyber-attack inflicts major damage with modest means
New-age cyber-attack inflicts major damage with modest means



http://www.theregister.co.uk/2009/02/10/new_dns_amplification_attacks/ 

By Dan Goodin in San Francisco
The Register
10th February 2009

A sustained cyber-attack against a handful of niche pornography sites 
has demonstrated a novel way to inflict major damage on hardened targets 
using a modest amount of data, a security researcher has warned.

The technique - which tricks the net's authoritative name servers into 
bombarding innocent victims with more data than they can handle - is 
growing increasingly common, and it's likely only a matter of time 
before commercial attack kits add it to their arsenal, said Don Jackson, 
a researcher with Atlanta-based security provider SecureWorks. He also 
warned there is no easy fix because any remedy will potentially require 
settings for millions of DNS, or domain-name system, servers to be 
individually changed.

The ongoing attacks on several sites related to transvestite porn work 
by sending hundreds of thousands of domain name servers a steady stream 
of packets that contain little more than the character "." The queries, 
which are forged so they appear to have been sent from sites such as 
ladyboydolls.com and triplexbonanza.com, prompt the DNS servers to 
respond to the targets with a list of the internet's root servers, 
responses that contain about eight times more data than the initial 
request.

"The amplifiers in this attack are name servers configured to what is 
considered best practices," Jackson told The Register. Preventing the 
attack will require administrators to make changes to the software 
running each vulnerable DNS server on the internet, he added.

[...]


_______________________________________________      
Best Selling Security Books & More!
http://www.shopinfosecnews.org/ 

Site design & layout copyright © 1986-2014 CodeGods