DNS DDoS Takes Down Hong Kong Paper

By Thomas Orthbandt

Posted on October 2, 2014 in: Security

The ongoing protests in Hong Kong are attracting worldwide attention. Less visible is a connection to the ongoing DNS-based DDoS attacks that started early this year. On Sunday Sept 28 attackers used DNS based DDoS to target Passion Times, a local Hong Kong newspaper (http://www.passiontimes.hk/). The site was brought down for most of the day and had to resort to Facebook (https://www.facebook.com/passiontimes) in order to get the news out.

Read more

Response Rate Limiting Bites Back?

By Thomas Orthbandt

Posted on September 24, 2014 in: Security

A new kind of DDoS attack is currently stressing DNS infrastructure everywhere. Attackers gain access to DNS resolvers through home gateways with open DNS proxies. Proxies forward large bursts of queries with spoofed IP addresses to whatever resolver they are configured to use, usually an ISP resolver. With these attacks the overwhelming majority of queries require recursion so resolvers in turn query authoritative servers to get answers.

Read more

Digging Deep into DNS Data Discloses Damaging Domains

By Thomas Orthbandt

Posted on September 17, 2014 in: Security

A Terabyte stream of anonymized DNS data collected every day from around the world reveals lots of interesting things.  Nominum researchers have developed algorithms to sort through trillions of transactions and find what is usually a tiny fraction that aren’t legitimate.   Some are queries for controlling malware, some are to send spam, and most recently lots more queries are for DDoS.

Read more

Future Ready DNS Can Deliver ROI and Can Be Green, Too

By Thomas Orthbandt

Posted on August 18, 2014 in: Network

Reducing overhead, delivering ROI, and going green have all become business priorities in recent years. Data centers alone now represent more than 2% of total worldwide energy consumption, with growth rates of as much as 12% per year. That’s a huge chunk of megawatts spinning processors! Reducing energy consumption is not only an eco-priority, it’s also a business imperative as overhead costs rise.

Read more

Progress on Open Home Gateways

By Thomas Orthbandt

Posted on July 14, 2014 in: Network, Security

Tags: , ,

We’ve written extensively about open DNS proxies running in home gateways (“open home gateways”). Affected devices proxy DNS queries received on their WAN interface to whatever DNS resolver they are configured to use. This is typically the DNS configured by the ISP. The DNS has always been a handy tool for various kinds of attacks and the presence of these gateways gives attackers a back door into provider networks.

Read more

Nominum in N2 Talks with LatAm Operators

By Thomas Orthbandt

Posted on June 12, 2014 in: General

Integrated DNS-based applications and solutions provider Nominum is in talks with Latin American telecom operators to sell its recently launched digital marketing tool N2, CMO Sanjay Kapoor told BNamericas.

N2 leverages internet activity data from the Domain Name System (DNS), an underutilized resource that is freely available, Kapoor explained.

Read more

Deterring DNS Amplification: Considerations for Filtering at Network Borders

By Thomas Orthbandt

Posted on April 29, 2014 in: Security

Tags: ,

A new variant of DNS amplification attack relies on home gateways with open DNS proxies to forward DNS queries to ISP resolvers. To launch this exploit attackers can deploy their exploit code anywhere on the Internet that allows address spoofing, a compromised server in a hosting facility for example. From there DNS queries can be targeted at any network with open home gateways. These queries enter ISP networks at border routers.

Read more

It’s Becoming a Software Defined World

By Thomas Orthbandt

Posted on January 21, 2014 in: Network

Tags: ,

I don’t think anyone would dispute software is the new currency in networks.

The Network Functions Virtualization (NFV) initiative calls for defining and deploying the next generation of network functions with software, rather than specialized hardware.  Software Defined Networking (SDN) is another visible trend which although currently focused on data centers, is predicted to impact networking markets broadly in the future.

Read more

Software is Strategic, Hardware is Generic

By Thomas Orthbandt

Posted on December 16, 2013 in: Network, Security

Tags: , ,

Network Functions Virtualization (NFV) is getting a lot of attention in Telecom circles these days.  Initiated by leading providers around the world the NFV effort now has more than 150 participants crossing all of the functional boundaries in networking.   NFV has been motivated by the astonishing array of appliances that have crept into provider networks.  Even DNS appliances have emerged but the value proposition is almost exclusively around convenience rather than optimizing DNS for carrier environments.

Read more

DNS Amplification Attacks: Out of sight, out of mind? Part Three

By Thomas Orthbandt

Posted on December 10, 2013 in: Security

Tags: ,

Previous posts (Part 1 and Part 2) offer background on DNS amplification attacks being observed around the world.   These attacks continue to evolve.  Early attacks focused on authoritative servers using “ANY” queries for domains that were well known to offer good amplification.  Response Rate Limiting (RRL) was developed to respond to these early attacks.  RRL, as the name suggests, is deployed on authoritative servers to rate limit responses to target names.  It basically groups requesters IP addresses (/24 for IPV4 and /56 for IPv6) together with the name and sends a truncated response to requests that exceed a configured limit.

Read more

1 5 6 7 8 9 11