http://www.theregister.co.uk/2009/02/10/new_dns_amplification_attacks/

By Dan Goodin in San Francisco
The Register
10th February 2009

A sustained cyber-attack against a handful of niche pornography sites has demonstrated a novel way to inflict major damage on hardened targets using a modest amount of data, a security researcher has warned.

The technique - which tricks the net's authoritative name servers into bombarding innocent victims with more data than they can handle - is growing increasingly common, and it's likely only a matter of time before commercial attack kits add it to their arsenal, said Don Jackson, a researcher with Atlanta-based security provider SecureWorks.

He also warned there is no easy fix because any remedy will potentially require settings for millions of DNS, or domain-name system, servers to be individually changed.

The ongoing attacks on several sites related to transvestite porn work by sending hundreds of thousands of domain name servers a steady stream of packets that contain little more than the character "." The queries, which are forged so they appear to have been sent from sites such as ladyboydolls.com and triplexbonanza.com, prompt the DNS servers to respond to the targets with a list of the internet's root servers, responses that contain about eight times more data than the initial request.

"The amplifiers in this attack are name servers configured to what is considered best practices," Jackson told The Register. Preventing the attack will require administrators to make changes to the software running each vulnerable DNS server on the internet, he added.

[...]

Received on Tue Feb 10 2009 - 23:06:59 PST
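
An added example, not part of the original article or of any DNS server's own code: a name server operator could check a query log for the pattern described above, a steady stream of queries for "." from one claimed source. The BIND-style log layout, the threshold and window values, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed BIND-style query log layout; adapt the pattern to your server's format.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ "
    r"client (?P<ip>[0-9A-Fa-f.:]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)

def find_root_ns_floods(lines, threshold=5, window=timedelta(seconds=10)):
    """Map each claimed source IP to its peak number of '. IN NS' queries
    seen inside one window, for sources reaching the threshold.
    Each source's lines are expected in time order."""
    recent = defaultdict(deque)   # per-source timestamps still inside the window
    peaks = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["qname"] != "." or m["qtype"] != "NS":
            continue
        ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop queries that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            peaks[m["ip"]] = max(peaks.get(m["ip"], 0), len(q))
    return peaks

def _line(hms, ip, qname, qtype):
    return f"10-Feb-2009 {hms}.000 client {ip}#40000: query: {qname} IN {qtype} +"

# Constructed sample log (documentation address ranges, not real traffic).
SAMPLE_LOG = (
    [_line(f"12:00:0{s}", "198.51.100.7", ".", "NS") for s in range(6)]
    + [_line(f"12:0{m}:{s}", "203.0.113.5", ".", "NS")
       for m, s in [(0, "00"), (0, "15"), (0, "30"), (0, "45"), (1, "00")]]
    + [_line("12:00:02", "192.0.2.10", "www.example.com", "A"),
       _line("12:00:03", "192.0.2.10", ".", "NS")]
)

if __name__ == "__main__":
    # The source address is forged in this attack, so a flagged IP is the
    # target of the reflected responses, not the sender of the queries.
    for ip, peak in find_root_ns_floods(SAMPLE_LOG).items():
        print(f"{ip}: {peak} root NS queries within 10s")
```

Because the article's queries carry the victim's address, a flagged source is a candidate for response rate limiting or refusal on the server, rather than evidence of who is sending the traffic.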