There is a lot of media hype surrounding volumetric style DDoS attacks recently where the focus has been on large Gb/sec attacks, sometimes up to 400 Gb/sec. In reality, these are very rare and these …
Read the original:
DDoS attacks: Criminals get stealthier
DOSarrest has begun offering a Cloud based Layer 7 local and global Load balancing solution to its DDoS protection services customer base. The Load balancing service is a fully managed solution, whereby customers can create pools of servers; a pool can be 1 or many servers and can be located in multiple locations. Load balancing types available include: Round Robin, IP Hash, least connections, weighted. Other options include: By Domain or Host Header, allows customers to direct our servers to pick-up and cache content based on the domain name or host header that is being requested by the visitor. By Resource, allows customers to direct our servers to pick-up and cache content based on the resource being requested by the visitor. Mydomain.com goes to one server(s) mydomain.com/images goes to another server(s) and/or location. The load balancing solution also can be used as Active/Active -All servers are is use Or Active/Passive -some servers are only used when one or more have a failure. Health checks are all part of the service to determine if a particular server or instance is active or not. Jag Bains, CTO at DOSarrest comments “I used to be in the hosting game and when I see the advantages of our cloud based solution over a hardware based solution, this is definitely the way to go.” Bains also adds “There is no capital required, no technical expertise is needed, no single point of failure, it’s able to handle 100?s of millions of requests and can be setup in 5 minutes…top that.” General Manager at DOSarrest, Mark Teolis states “It’s a natural add-on to our DDoS protection services, which already incorporates extensive caching of customers content, this way customers can leverage any combination and location of VPS’s, Instances, private cloud and dedicated servers. I can’t see why anyone would want to buy or manage a Load balancing device again, it just doesn’t make sense anymore.” Details on this service can be found here: www.dosarrest.com/solutions/load-balancing/
See original article:
DOSarrest Rolls Out Cloud Based Layer 7 Load Balancing
DNS amplification and NTP reflection are two big buzz-terms in the modern world of distributed denial-of-service (DDoS) attacks, but when successful defensive measures force those wells to run dry, a lesser-used reflection attack vector, known as Simple Network Management Protocol (SNMP), could take the forefront. Johannes Ullrich, dean of research with the SANS Technology Institute, told SCMagazine.com in a Monday email correspondence that SNMP, a UDP-based protocol used to read and set the configurations of network devices, hasn’t posed as big a threat as DNS and NTP attacks because there are not as many reflectors available as there are for other protocols. Ullrich said that most network-connected devices support SNMP in some form and, in a Thursday post, opined that it could be the next go-to vector for attackers after he observed a DDoS reflection attack taking advantage of an unnamed video conferencing system that was exposing SNMP. In this instance, the attacker spoofed a SNMP request to appear to originate from 117.27.239.158, Ullrich said, explaining that the video conferencing system receives the request and then replies back to the IP address with a significant reply. An 87 byte “getBulkRequest” resulted in a return of 60,000 bytes of fragmented data, Ullrich wrote in the post, adding that the individual reporting the attack observed roughly five megabits per second of traffic. “The requests are pretty short, asking for a particular item, and the replies can be very large,” Ullrich said. “For example, SNMP can be used to query a switch for a list of all the devices connected to it. SNMP provides replies that can be larger than DNS or NTP replies.” As people improve configurations, effectively causing those DNS and NTP reflectors to dry up, SNMP could be the attack vector of choice, Ullrich said – a point that John Graham-Cumming, a programmer with CloudFlare, agreed with in a Monday email correspondence with SCMagazine.com. “I think that attackers will turn to SNMP once other attack methods are thwarted,” Graham-Cumming said. “At the moment it’s easy to use NTP and DNS for attacks, so there’s no need for SNMP.” To get a jumpstart defending against this DDoS vector, Graham-Cumming suggested that network operators limit access to the SNMP devices on their networks. Ullrich went so far as to say that SNMP devices should not be exposed to the internet at all. Both experts added that the “community string,” which serves as a password for accepting requests, should not be so obvious. Source: http://www.scmagazine.com/snmp-could-be-the-future-for-ddos-attacks/article/346799/
Pseudo-terminal buffer bug from 2009 discovered Linux admins need to get busy patching, as a newly discovered bug has emerged in the kernel’s tty handling that can let local users create memory corruption leading to denial of service, unauthorised modification of data, and disclosure of information.…
A total of five individuals have been arrested by Chinese authorities on suspicion of being behind distributed denial-of-service (DDOS) attacks launched against the systems of a Shanghai-based online gaming company. According to police in Shanghai ‘s Xuhui District, cited by Ecns.cn, the first suspect, surnamed Wu, was arrested in January, after the targeted company provided authorities with information needed to track him down. Wu told investigators that he had been hired by one of the targeted company’s competitors, an Internet firm based in the Henan Province operated by an individual called Tu. Tu’s firm offered not only online games, but also hacking services. The individuals he hired would hack into the systems of various organizations and use the hijacked computers to launch DDOS attacks against various targets. The attacks launched against the Shanghai online games company are said to have resulted in damage of close to 10 million Yuan ($1.6 million / €1.16 million). The attacks were aimed at the login page for an online game and prevented paying customers from accessing their accounts. Police detained Wu, Tu and three other individuals suspected of being responsible for the cyberattacks. The company operated by Tu is believed to be involved in other illegal activities as well, including hacking, distribution of obscene materials, and hosting illegal ads. Source: http://news.softpedia.com/news/5-People-Arrested-for-Launching-DDOS-Attacks-on-Systems-of-Chinese-Gaming-Company-441863.shtml
View original post here:
5 People Arrested for Launching DDOS Attacks on Systems of Chinese Gaming Company
Domain hosts Point DNS has been hammered with a high intensity DDoS attack on Friday, knocking servers out for hours. The size of the attack and techniques used – much less who might be behind the attack – remains unclear. Several Reg readers got in touch to notify us about the issue and the company confirmed the attack online. “We’re experiencing a DDoS attack on all DNS servers we are working hard mitigate the attack,” Point DNS said in a update to its Twitter profile. “We’re still working through a massive DDoS. We’re adding more nameservers and working with our network providers,” it added. The firm, whose services are used by more than 220,000 domains, was badly affected by the attack. This had a knock-on effect on firms who used its services – while websites were up and running as normal attempts to reach them by typing in a name to a browser would not resolve as normal. The snafu also means email won’t be delivered as normal to affected sites, with early indications suggesting clients clustered in Asia and Europe were worst affected. Security specialists Incapsula spotted a similar attack, which peaked at 25 million packets per second. It reported seeing floods of non-spoofed IP data coming from two DDoS protection services as the cause of the outage. “DNS flood have been around for a while but now the modern high-capacity servers take the attack to a new level,” Incapsula product evangelist Igal Zeifman told El Reg in a statement. “Unlike amplification attacks, that could be easily spotted and filtered on-edge, DNS flood queries can’t be dismissed before they could be allowed to be processed by the server. With powerful botnet machines pumping millions of malicious request each second, and aiming them directly and the most vulnerable server resources (eg CPU), the old threat is now making a comeback in a very dangerous manner.” Source: http://www.theregister.co.uk/2014/05/09/point_dns_ddos/
DNS flood washes over company servers Domain hosts Point DNS has been hammered with a high intensity DDoS attack on Friday, knocking servers out for hours.…
Originally posted here:
Point DNS blitzed by mystery DDoS assault
Here's an overview of some of last week's most interesting news, reviews and articles: XSS bug in popular Chinese site exploited to launch DDoS attack DDoS mitigation firm Incapsula has put a st…
Read this article:
Week in review: IE 0-day patched, Windows XP gets unexpected update, and tips on how to learn information security
UltraDNS said it has mitigated a distributed denial of service (DDoS) attack for most of its customers after the service was held down for most of the day. “Currently, only customers utilizing a segment of UltraDNS Name Server addresses are experiencing resolution latency due to intermittent network saturation in the Western US,” said Neustar director of product management, security solutions, Jim Fink in an email to Threatpost. “We continue to aggressively refine mitigations for these customers and hope to have the issue resolved shortly. We have been and will continue to provide regular updates to our UltraDNS customers via our usual customer notification process.” UltraDNS is a Neustar company. The SANS Institute’s Internet Storm Center said this afternoon that it received multiple reports of outages and DNS resolution issues, reportedly because of a 100 Gbps DDoS attack against one of UltraDNS’ customers that resulted in latency issues for others. “One reporting party did indicate that they learned that the management of UltraDNS had said that one of their customers was being attacked and that they black-holed that customer to get back on trend,” wrote ISC handler Russ McRee. “Resolver nodes around the world are resetting.” DDoS attacks the size of this one are quickly becoming the norm. A report from Arbor Networks this week said it has already tracked more than 70 DDoS attacks of 100 Gbps or more of bad traffic, topping out at 325 Gbps. The largest attacks on public record were recorded by traffic optimization and security provider CloudFlare Most volumetric attacks rely on some kind of amplification such as DNS reflection or Network Time Protocol amplification attacks where the requesting IP address is spoofed as the target’s and massive amounts of traffic is returned at relatively little cost to the attacker. With DNS amplification attacks, attackers take advantage of any number of the 28 million open DNS resolvers on the Internet to launch large-scale DDoS attacks. The motivations are varied. Ideological hackers use them to take down services in protest, while profit-motivated criminals can use DDoS as a cover for intellectual property theft and financial fraud. Beginning with the DDoS attacks against large U.S. banks early last year, the spike in these attacks merited a mention in the recent Verizon Data Breach Investigations Report. “We’re seeing a growing trend of combining DDoS with APT campaigns,” said Arbor Networks’ Gary Sockrider said. “Go back a few years, and DDOs was thought of more as a takedown mechanism, not for data exfiltration. Now we’re seeing it more frequently combined with APT, prolonged campaigns where an attacker is on your network and now need to get the data out, they’ll initiate a DDoS attack. It’s the equivalent of a natural disaster and while you’re dealing with it, that’s when they’ll exfiltrate data.” Source: http://threatpost.com/ultradns-dealing-with-ddos-attack/105806
See the original article here:
UltraDNS Dealing with DDoS Attack
France is seeing massive amounts of DDoS traffic going through its networks, thanks to sizeable hits on the country’s popular hosting providers As the UK enjoys a relatively low volume of distributed denial of service (DDoS) attacks, France is seeing deluges of traffic hitting organisations frequently, according to research. Major hosting providers, including the hugely-polular, OVH have attracted DDoSers to France, which was only outdone by the US in terms of the amount of DDoS traffic passing through the countries’ networks, according to Arbor Networks. A record 325Gbps attack hit France this year, but it is not known who was involved. DDoS threat getting bigger and bigger Darren Anstee, director of solutions architects at Arbor, said France was being attacked largely because of the popularity of those hosting providers. “They’ve got a lot of big hosting providers and some of those are used by the gaming industry [which is subject to significant sized attacks],” he told TechWeekEurope . Arbor spotted an unprecedented rise in DDoS attacks over the first quarter of 2014. It saw 72 attacks larger than 100Gbps and 1.5 times the number of attacks over 20Gbps as in the whole of 2013. The epic increase in attack size has come as a result of what’s known as amplification. Protocols such as Network Time Protocol can be used to generate massive DDoS attacks with relatively little effort on behalf of the offenders. They can abuse vulnerable NTP servers by spoofing the IP address of a target, sending small requests and getting massive responses. The target IP is then flooded with that traffic. Even protocols used by popular gaming services, from Quake to the Steam protocol, can be abused for amplification purposes. Source: http://www.techweekeurope.co.uk/news/ddos-france-gaming-hosting-companies-144777
View the original here:
France Getting Battered By DDoS Attacks