Spamhaus attacks expose huge open DNS server dangers
Warnings of security problems posed by poorly configured DNS servers have gone mostly unheeded for years
Computerworld - Massive distributed denial-of-service attacks on Spamhaus this week focused widespread attention on the huge security threats posed by millions of poorly configured Internet Domain Name System (DNS) servers.
The attacks on Spamhaus that began March 19 were apparently launched by a group opposed to the Geneva, Switzerland-based volunteer organization's antispam work.
Several security firms described the attacks on the organization as the largest publicly known DDoS attacks to date -- by far.
In DDoS attacks, hackers typically try to take down a network by directing huge volumes of useless traffic to it. The traffic is usually generated using large botnets of compromised computers.
Large DDoS attacks have typically involved between 4 gigabits per second (Gbps) and 10Gbps of traffic.
The Spamhaus attacks involved traffic volumes that reached a staggering 300Gbps -- said to be three times larger than the largest DDoS traffic seen to date and magnitudes greater than the traffic involved in a majority of past denial-of-service attacks.
The perpetrators behind the attack employed the well-known but infrequently used method of DNS reflection to generate the huge stream of DDoS traffic directed against Spamhaus.
DNS servers are used primarily to look up and resolve domain names such as www.computerworld.com and www.idg.com to their corresponding IP addresses. If a DNS server does not have the domain information in its database or cache, it queries other nearby DNS servers for the information.
Ideally, DNS servers should be configured only to handle look-up requests coming from within a specific domain or IP address range. So a DNS server belonging to an ISP should handle only requests coming from within its IP address range.
In reality, however, millions of DNS servers are configured by default to be open DNS resolvers that accept and respond to queries from outside their own domain, making them vulnerable to exploitation by attackers because virtually anyone on the Internet can use an open DNS server to handle genuine or malicious queries.
For instance, to generate DDoS traffic, the attackers behind the Spamhaus attack sent queries with a spoofed source address to tens of thousands of open DNS resolvers, said Matthew Prince, CEO of CloudFlare, which has been helping Spamhaus deal with the recent attacks.
The lookup requests were made to appear as if they came from Spamhaus. So the responses to the requests from the tens of thousands of open DNS resolvers were sent to Spamhaus, generating a huge volume of traffic.
To magnify the volume of traffic, the attackers crafted the look-up queries in such a manner as to get each open DNS server to respond with much larger volumes of data than normal, Prince said.
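The sketch below is an added example, not part of the original article. It shows how a resolver operator could check a query log against the "own address range only" policy described above and measure how much traffic an open resolver reflects toward each out-of-range claimed source. The log format, the address ranges (documentation prefixes) and the amplification threshold are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: the only client range this resolver is meant to serve.
ALLOWED_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed sample log: (claimed source IP, query bytes, response bytes).
# Over UDP the source is only what the packet claims, so it may be spoofed.
SAMPLE_LOG = [
    ("192.0.2.10", 40, 120),
    ("198.51.100.7", 36, 3000),
    ("198.51.100.7", 36, 3000),
    ("198.51.100.7", 36, 3000),
    ("192.0.2.44", 45, 90),
    ("203.0.113.9", 38, 150),
]

def is_allowed(src, nets=ALLOWED_NETS):
    """True if the claimed source lies inside a range the resolver serves."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in nets)

def reflection_report(log, nets=ALLOWED_NETS, min_factor=10.0):
    """Summarise traffic an open resolver sent to out-of-range sources.

    min_factor is an assumed threshold: response bytes divided by query
    bytes at or above it marks the source as a likely reflection target.
    """
    totals = defaultdict(lambda: [0, 0, 0])  # queries, bytes in, bytes out
    for src, query_len, response_len in log:
        if is_allowed(src, nets):
            continue  # legitimate client inside the served range
        entry = totals[src]
        entry[0] += 1
        entry[1] += query_len
        entry[2] += response_len
    report = {}
    for src, (count, bytes_in, bytes_out) in totals.items():
        factor = bytes_out / bytes_in
        report[src] = {"queries": count, "bytes_in": bytes_in,
                       "bytes_out": bytes_out, "factor": round(factor, 1),
                       "suspect": factor >= min_factor}
    return report

def bytes_sent(log, nets=ALLOWED_NETS, restricted=True):
    """Response bytes sent with (restricted) or without the range check."""
    return sum(r for s, _, r in log if not restricted or is_allowed(s, nets))

if __name__ == "__main__":
    for src, row in reflection_report(SAMPLE_LOG).items():
        print(src, row)
    print("open:", bytes_sent(SAMPLE_LOG, restricted=False),
          "restricted:", bytes_sent(SAMPLE_LOG))
```

A source flagged as suspect here is the likely victim of the spoofed queries, not their sender.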