0 évaluation0% ont trouvé ce document utile (0 vote)
30 vues10 pages
http://bit.ly/1nyT8CX | By exploiting vulnerable DNS servers – or setting up their own – malicious actors can launch powerful DDoS reflection attacks using the new DNS Flooder cybercrime toolkit. The toolkit exploits nuances of the DNS protocol to amplify attacks by a factor of 50 or more, while making the attacker almost entirely anonymous. Find out more about this DDoS threat in the full Prolexic DNS Flooder Threat Advisory,
http://bit.ly/1nyT8CX | By exploiting vulnerable DNS servers – or setting up their own – malicious actors can launch powerful DDoS reflection attacks using the new DNS Flooder cybercrime toolkit. The toolkit exploits nuances of the DNS protocol to amplify attacks by a factor of 50 or more, while making the attacker almost entirely anonymous. Find out more about this DDoS threat in the full Prolexic DNS Flooder Threat Advisory,
http://bit.ly/1nyT8CX | By exploiting vulnerable DNS servers – or setting up their own – malicious actors can launch powerful DDoS reflection attacks using the new DNS Flooder cybercrime toolkit. The toolkit exploits nuances of the DNS protocol to amplify attacks by a factor of 50 or more, while making the attacker almost entirely anonymous. Find out more about this DDoS threat in the full Prolexic DNS Flooder Threat Advisory,
2014 AKAMAI | FASTER FORWARD TM What is DNS Flooder? In mid-2013, the DNS Flooder Toolkit v1.1 was leaked on popular hack forums The toolkit uses a new, popular method of crafting large DNS resource records Malicious actors can amplify responses by a factor of 50 or more per DNS request, and may customize their own DNS records, adding words and comments
2014 AKAMAI | FASTER FORWARD TM DNS Flooder v1.1 Toolkit Screenshot 2014 AKAMAI | FASTER FORWARD TM DNS Flooder: DDoS Attack Threat DNS Flooder is very popular The amplified nature of the attack means it only needs a few servers to achieve a large DDoS flood Because of the reflection techniques DNS Flooder uses, attackers are fully anonymous and the origin of the attack is very difficult to pinpoint Several attacks have already been launched against Akamai customers
2014 AKAMAI | FASTER FORWARD TM Attack Overview One attack against an Akamai customer using the DNS Flooder toolkit lasted approximately four hours Prior to the use of the tool, the attackers set up DNS servers for their own use, building their own botnet without the need for infection This method can also inject messages into the attack payload
2014 AKAMAI | FASTER FORWARD TM DDoS Flooder Attack Statistics San Jose London Hong Kong Washington Peak bits per second (bps) 5.00 Gbps 80.00 Gbps 5.00 Gbps 20.00 Gbps Peak packets per second (pps) 400.00 Kpps 7.50 Mpps 400.00 Kpps 2.00 Mpps Peak traffic values complied from Akamai scrubbing centers during a DNS Flooder campaign 2014 AKAMAI | FASTER FORWARD TM How Does DNS Flooder Work The toolkit uses a DNS reflection attack to amplify DDoS bandwidth by a factor of 50 or more The attacker sends a vulnerable DNS server a DNS any resource record query The any resource record query returns all records of all types stored on the server Can exceed 4,000 bytes By sending the request with a fake source IP, the big any resource record is reflected to the target
2014 AKAMAI | FASTER FORWARD TM How DNS Flooder Works, cont. DNS Flooder crafts its IP header and DNS resource header manually Requires root access on the attacking computer Allows nuances of DNS to be exploited to ensure maximum possible response size Falsifying the IP address at the source makes the original attack nearly untraceable the requests are totally anonymous 2014 AKAMAI | FASTER FORWARD TM Threat Advisory: NTP DNS Flooder toolkit Download the threat advisory, DNS Flooder v1.1 This DDoS threat advisory includes: Indicators of the use of the DNS Flooder toolkit Analysis of the source code Example query created by the toolkit Sample payload Who is believed to be behind these attacks The SNORT rule and target mitigation using ACL entries Statistics and payloads from two observed DNS Flooder campaigns against Akamai clients The full source code of DNS Flooder
2014 AKAMAI | FASTER FORWARD TM About Prolexic (now part of Akamai) We have successfully stopped DDoS attacks for more than a decade Our global DDoS mitigation network and 24/7 security operations center (SOC) can stop even the largest attacks that exceed the capabilities of other DDoS mitigation service providers