[nsp-sec] Info share: REN-ISAC alert DNS Amplification attacks
Gabriel Iovino
giovino at ren-isac.net
Wed May 8 14:13:08 EDT 2013
Greetings,
The REN-ISAC released an alert to .edu today regarding DNS Amplification
attacks.
CIO version of the Alert
http://www.ren-isac.net/alerts/dns_amp_ddos_cio_201305.html
Technical version of the Alert
http://www.ren-isac.net/alerts/dns_amp_ddos_tech_201305.html
I share this with nsp-sec as most of us have constituents we are
attempting to persuade to mitigate open resolvers and implement BCP38.
Maybe text from this alert will save you some time? Please feel free to
borrow/steal from it as you see fit.
A special thank you to everyone referenced in the alert; you are doing a
lot of the heavy lifting.
Here are a few other recent alerts I am aware of:
US-CERT Alert (TA13-088A) DNS Amplification Attacks
http://www.us-cert.gov/ncas/alerts/TA13-088A
DNS amplification attacks and open DNS resolvers
https://www.cert.be/pro/docs/dns-amplification-attacks-and-open-dns-resolvers
[slight topic change -> remediation experience]
When DNS amplification attacks are being shared in various remediation
communities and we alert our constituents we see ~30-40% remediation in
the first 24 hours. We also get feedback that:
1. Organizations have plans in place to mitigate open recursive resolvers
2. These notifications are helping them make the business case
internally to do the right thing.
Keep the attack data sets coming!
thank you
Gabe
--
Gabriel Iovino
Principal Security Engineer, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630