The Ethical Hacker Network - DNS Servers Do Hackers Dirty Work

Latest Additions

Who's Online

Story from news.com:

In a twist on distributed denial-of-service attacks, cybercriminals are using DNS servers--the phonebooks of the Internet--to amplify their assaults and disrupt online business.

Earlier this year, VeriSign experienced attacks on its systems that were larger than anything it had ever seen before, it said last week. The Mountain View, Calif.-based company, which helps companies do business on the Web, discovered that the assaults weren't coming from commandeered "bot" computers, as is common. Instead, its machines were under attack by DNS (domain name system) servers.

"DNS is now a major vector for DDOS," Dan Kaminsky, a security researcher said, referring to distributed denial-of-service attacks. "The bar has been lowered. People with fewer resources can now launch potentially crippling attacks."

Just as in any DDOS attack, the target system--which could be a victim's Web server, name server or mail server--is inundated with a multitude of data coming from multiple systems on the Internet. The goal is to make the target unreachable online by flooding the data connection or by crashing it as it tries to handle the incoming data.

Such attacks were once the tool of bored teenagers who got a kick out of seeing Web sites crumble. But these days, DDOS attacks are sometimes used by criminals looking to extort money from online businesses--especially those on the margins, such as gambling sites and the adult-entertainment industry.

"We're past the era where denial of service simply happens because kids are looking for a good time," Kaminsky said.

Unlike a commandeered PC, a DNS server is a valid and good citizen of the Internet. The systems play a critical role in connecting Web users, mapping text-based domain names such as www.cnet.com to the numerical IP addresses used by computers.

In this new kind of attack, an assailant would typically use a botnet to send a large number of queries to open DNS servers. These queries will be "spoofed" to look like they come from the target of the flooding, and the DNS server will reply to that network address.

Using DNS servers to do their dirty work offers key benefits to attackers. It hides their systems, making it harder for the victim to find the original source of the attack. But more important, reflecting an attack through a DNS server also allows the assault to be amplified, delivering a larger amount of malicious traffic to the target.

For full story:
http://news.com.com/DNS%20servers%20do%20hackers%20dirty%20work/2100-7349_3-6053468.html?tag=nefd.lede

Don

Exclusive Deal

SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters

5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013

Recent Forum Topics

General Certification : CPT Practical Submission (0) by z28power4u
OSCP - Offensive Security Certified Professional : Class Scheduled 6/8 - Linux n00b (5) by MrTuxracer
Career Central : Starter cert? (0) by Alert
Web Applications : Nessus and Nikto (4) by Seen
Tutorials : Need guidance (7) by impelse
Malware : EICAR? (2) by SephStorm
Network Pen Testing : Cracking salted MD5 hash (4) by n37sh@rk
CEH - Certified Ethical Hacker : Passed my C|EH (3) by n37sh@rk
Mass Media : EC-council hacked, irony at his best? (0) by j0rDy
Web Applications : SQL Injection into an INSERT statement. (6) by eyenit0
Network Pen Testing : Solution for sipXtapi INVITE Message CSeq Field Header Remote Overflow (1) by m0wgli
Web Applications : dns (2) by H1t M0nk3y
Other : BSides Boston (0) by 3xban
Career Central : InfoSec in Central, FL (2) by tturner
Web Applications : Web vulnerability scanner (4) by H1t M0nk3y

EH-Net News Feeds

Latest Additions