Feeds

New-age cyber-attack inflicts major damage with modest means

Ladyboydolls.com and the new DDoS

Beginner's guide to SSL certificates

A Matter of Time

The attacks being tracked by Jackson have been accompanied by more traditional distributed denial of service (DDoS) attacks generated by botnets. They bear the hallmarks of a commercial DDoS application known as BlackEnergy (PDF), leading Jackson to believe it's only a matter of time before the technique gets folded into the package.

What's more, an increasing number of sites over the past couple weeks have been subjected to the attack. For now, they tend to be underground operations such as those cranking out pharmaceutical spam, but Jackson expects that to change.

"When the bot writers integrate this and use it as a value add, then we'll see it in the mainstream," he said.

The only way to prevent the attack is for DNS administrators to ensure their servers are configured to answer upward referrals only to authorized zones within their domain. While some DNS software, such as DJBDNS, does this by default, plenty of other other programs don't. Various versions of BIND, by far the most widely used DNS program, by default return queries for the root servers. (Instructions for changing this behavior in BIND are available here).

DNS software from Microsoft and others can also be used by attackers as DNS amplifiers out of the box, Jackson says. (Readers who know how to change this default behavior for other packages are invited to leave a comment or contact me using this link).

Another possible fix, ISPrime's Rosenthal said, is using firewalls built into FreeBSD, Linux, and Windows. But Jackson says this solution is far from ideal. That's because it would require the blacklisting of hundreds of thousands of legitimate DNS servers. Instead, Jackson is leaning toward the use of special signatures based on the open-source intrusion prevention system known as Snort.

But even some of the more feasible remedies may create problems, warns Baylor University's Vaughn, who says the sudden squelching of DNS responses to the queries could create collateral damage as the requests are repeated over and over.

"Everything we do has a cost, and unfortunately, this is one of those things where there might be some debate about what to do," he said. "There's going to have to be by protocol some sort of response." ®

Internet Security Threat Report 2014

More from The Register

next story
Webcam hacker pervs in MASS HOME INVASION
You thought you were all alone? Nope – change your password, says ICO
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Meet OneRNG: a fully-open entropy generator for a paranoid age
Kiwis to seek random investors for crowd-funded randomiser
USB coding anarchy: Consider all sticks licked
Thumb drive design ruled by almighty buck
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
The hidden costs of self-signed SSL certificates
Exploring the true TCO for self-signed SSL certificates, including a side-by-side comparison of a self-signed architecture versus working with a third-party SSL vendor.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.