[nsp-sec] Info share: REN-ISAC alert DNS Amplification attacks

Smith, Donald Donald.Smith at CenturyLink.com
Wed May 8 14:39:35 EDT 2013


Minor nit, BCP38 is intended to block ingress traffic not egress traffic.
" - Apply BCP38 filtering to prevent spoofed source address traffic from
     leaving your network. "

"Network Ingress Filtering:
Defeating Denial of Service Attacks which employ
IP Source Address Spoofing"

So it should probably be from entering your network:) 

(coffee != sleep) & (!coffee == sleep)
 Donald.Smith at centurylink.com



From: nsp-security [nsp-security-bounces at puck.nether.net] on behalf of Gabriel Iovino [giovino at ren-isac.net]
Sent: Wednesday, May 08, 2013 12:13 PM
To: NSP nsp-security
Subject: [nsp-sec] Info share: REN-ISAC alert DNS Amplification attacks


----------- nsp-security Confidential --------

Greetings,

The REN-ISAC released an alert to .edu today regarding DNS Amplification
attacks.

CIO version of the Alert
http://www.ren-isac.net/alerts/dns_amp_ddos_cio_201305.html

Technical version of the Alert
http://www.ren-isac.net/alerts/dns_amp_ddos_tech_201305.html

I share this with nsp-sec as most of us have constituents we are
attempting to persuade to mitigate open resolvers and implement bcp38.
Maybe text from this alert will save you some time? Please feel free to
borrow/steal from it as you see fit.

A special thank you to everyone referenced in the alert, you are doing a
lot of the heavy lifting.

Here are a few other recent alerts I am aware of:

US-CERT Alert (TA13-088A) DNS Amplification Attacks
http://www.us-cert.gov/ncas/alerts/TA13-088A

DNS amplification attacks and open DNS resolvers
https://www.cert.be/pro/docs/dns-amplification-attacks-and-open-dns-resolvers

[slight topic change -> remediation experience]

When DNS amplification attacks are being shared in various remediation
communities and we alert our constituents we see ~30-40% remediation in
the first 24 hours. We also get feedback that:

1. Organizations have plans in place to mitigate open recursive resolvers

2. These notifications are helping them make the business case
internally to do the right thing.

Keep the attack data sets coming!

thank you

Gabe

- --
Gabriel Iovino
Principal Security Engineer, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630

