Blog Post

Protect and Enhance the Subscriber Experience to Grow the Bottom Line

By John Arledge, General Manager

protect-enhance-bottom-line

Posted on July 19, 2016 in: Marketing

Tags: , , , , , ,

For service providers undergoing digital transformation, the importance of subscriber and network protection cannot be understated. When subscribers and networks are at risk of attack or infection, a provider’s digital strategy is weakened and business growth limited.

Read more

Blog Post

Predicting Dynamic Malware Threats

By Bruce Van Nice

predicting-dynamic-malware-blog

Posted on June 20, 2016 in: General, Marketing, Network, Security

Tags: , , , , , ,

We just released a new whitepaper outlining the upcoming types of cyberthreats and malicious activity affecting digital consumers, and how organizations and operators can address them. Below is an excerpt. To read the full report, click here to download.

Read more

Blog Post

Ghosts Haunt Internet II: Android Malware

By Hongliang Liu

Posted on September 30, 2015 in: Network, Security

Tags: , , ,

Android fans were probably chuckling over the XcodeGhost malware news – hackers don’t often penetrate Apple’s defenses. This provoked the Nominum Data Science team to take a look at what’s happening with malware targeting Android. Common wisdom is Android is exposed because there’s less rigor in the development and supply chain, and third party app stores with no protections are popular. Determined hackers can allegedly subvert defenses and get various kinds of exploits placed on mobile devices running the highly popular operating system. But what does the data show?

Read more

Blog Post

Progress on Open Home Gateways

By Thomas Orthbandt

Posted on July 14, 2014 in: Network, Security

Tags: , ,

We’ve written extensively about open DNS proxies running in home gateways (“open home gateways”). Affected devices proxy DNS queries received on their WAN interface to whatever DNS resolver they are configured to use. This is typically the DNS configured by the ISP. The DNS has always been a handy tool for various kinds of attacks and the presence of these gateways gives attackers a back door into provider networks.

Read more

Blog Post

Software is Strategic, Hardware is Generic

By Thomas Orthbandt

Posted on December 16, 2013 in: Network, Security

Tags: , ,

Network Functions Virtualization (NFV) is getting a lot of attention in Telecom circles these days.  Initiated by leading providers around the world the NFV effort now has more than 150 participants crossing all of the functional boundaries in networking.   NFV has been motivated by the astonishing array of appliances that have crept into provider networks.  Even DNS appliances have emerged but the value proposition is almost exclusively around convenience rather than optimizing DNS for carrier environments.

Read more

Blog Post

DNS Amplification Attacks: Out of sight, out of mind? Part Three

By Thomas Orthbandt

Posted on December 10, 2013 in: Security

Tags: ,

Previous posts (Part 1 and Part 2) offer background on DNS amplification attacks being observed around the world.   These attacks continue to evolve.  Early attacks focused on authoritative servers using “ANY” queries for domains that were well known to offer good amplification.  Response Rate Limiting (RRL) was developed to respond to these early attacks.  RRL, as the name suggests, is deployed on authoritative servers to rate limit responses to target names.  It basically groups requesters IP addresses (/24 for IPV4 and /56 for IPv6) together with the name and sends a truncated response to requests that exceed a configured limit.

Read more

Blog Post

DNS Amplification Attacks: Out of sight, out of mind? Part Two

By Thomas Orthbandt

Posted on September 3, 2013 in: Security

Tags: ,

This post follows an earlier post about DNS amplification attacks being observed around the world.  DNS Amplification Attacks are occurring regularly and even though they aren’t generating headlines targets have to deal with floods of traffic and ISP infrastructure is needlessly stressed – load balancers fail, network links get saturated, and servers get overloaded.  And far more intense attacks can be launched at any time.

Read more

Blog Post

DNS Amplification Attacks: Out of Sight, Out of Mind?

By Thomas Orthbandt

Posted on August 23, 2013 in: Security

Tags: ,

Geoff Huston’s recent post about the rise of DNS amplification attacks offers excellent perspective on the issue.  Major incidents like the Spamhaus attack Geoff mentions at the beginning of his post make headlines, but even small attacks create noticeable floods of traffic. These attacks are easy to launch and effective even with relatively modest resources and we see evidence they’re occurring regularly. Although DNS servers are not usually the target of these attacks the increase in traffic and larger response sizes typically stress DNS infrastructure and require attention from operation teams.

Read more

Blog Post

Deterring Amplification Attacks: Identification to Targeted Remediation

By Thomas Orthbandt

Posted on June 3, 2013 in: Security

Tags: ,

Over the past few weeks we’ve been helping customers who’ve been experiencing unusual spikes in traffic on their resolvers. Data obtained using Vantio Real Time Visibility and querystore commands revealed a substantial increase in the number of ANY queries, in some cases hundreds of millions. Additional data showed the names being queried turned very small DNS questions into very large DNS answers. Both indicate a recent type of DDoS attack that leverages the DNS to amplify traffic and flood a target with it.

Read more

1 2 3