DDoS in recent months

Discuss securing DNS servers and threats/attacks.
Ole Juul
Posts: 29
Joined: Mon Jan 18, 2016 2:52 am

DDoS in recent months

Postby Ole Juul » Tue Dec 06, 2016 8:07 am

We have all seen the recent problems and there is a lot of talk because of the IoT role in this. No doubt something can and should be done with firmware, but the basic problem is still DNS. El Reg just put out an article where Paul Vixie weighs in on the issue.
http://www.theregister.co.uk/2016/12/05 ... nightmare/
I still think that in the longer term something needs to be done with the way we do DNS.

User avatar
chip
T2 Operator
Posts: 41
Joined: Mon Jan 18, 2016 2:19 am
Location: Colorado, USA
Contact:

Re: DDoS in recent months

Postby chip » Tue Dec 06, 2016 5:22 pm

Was the KrebsOnSecurity attack an amplification based attack? I thought it was a direct volume attack. Either way amplification is still a big problem. Akamai says DNS accounts for 18% of attacks and has some interesting analysis of the Mirai malware. (https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/q3-2016-state-of-the-internet-security-report.pdf)
achip on #opennic | chip.geek

verax
Site Admin
Posts: 30
Joined: Mon Jan 18, 2016 3:16 am

Re: DDoS in recent months

Postby verax » Wed Dec 07, 2016 4:10 am

DNS cookies are a good solution to this. Problem is we need resolvers to start supporting it, and I don't know of any that do.

User avatar
chip
T2 Operator
Posts: 41
Joined: Mon Jan 18, 2016 2:19 am
Location: Colorado, USA
Contact:

Re: DDoS in recent months

Postby chip » Fri Dec 09, 2016 4:27 pm

Cookies seem like a good idea but they don't help with the spoofing just the attribution so we'll have to see if anything happens with the fallout of the direct volumetric attacks of late. Those should be very attributable and hopefully those devices used in the attacks can be notified and patched. If they do then there's hope for Cookies for public resolvers.

(RFC for DNS Cookies: https://www.rfc-editor.org/rfc/rfc7873.txt)
achip on #opennic | chip.geek


Return to “Security”

Who is online

Users browsing this forum: No registered users and 2 guests