Networking

DNS amplification attacks back in the spotlight

US CERT re-issued today their March 29 2013 technical advisory reminding organisations to check their networks for open DNS resolvers, which can easily be used in a Distributed Denial of Service (DDoS) attack. See https://www.us-cert.gov/ncas/alerts/TA13-088A. An open DNS resolver is where the DNS server will accept and answer recursive DNS query requests from hosts that are not part of the IP address range under control of the organisation i.e. recursive DNS server functionality should be restricted to only those host IP addresses that belong to the enterprise or ISP.

Want to check if your DNS's are part of the purported 28 million open resolvers (as of May 2013 - see http://openresolverproject.org), then a useful tool is http://dns.measurement-factory.com/cgi-bin/openresolverquery.pl  If you are the technical contact for the IP address range as reported by whois then this tool will send you the current resolver status of your DNS's.

Another great resource is the  site www.dnsinspect.com. This site provides you with a detailed report on the status of your DNS. A great place to check on possible security vulnerabilities for your domain.

The CERT amplification reference cited above provides an excellence reference, however if you need up-skilling on aspects of DNS then please contact us. We do provide training in all aspects of DNS, IP, Deep Packet Analysis and Cyber Security.

LEGO and the IP packet header

At IIT Training we strive for an inclusive pedagogy. So, we are always looking at new and innovative ways to engage adult learners with complex technical matters in a fun way. One of our senior technical trainers, Geoff, has asked for buckets of lego for a new  hands-on session for our IPv4 and IPv6 courses. We thought it was for Open Systems Interconnection (OSI) model layering, but we were wrong, it was a whole lot better than that!....it was for the packet headers themselves, have a look what he'd come across: http://righteousit.wordpress.com/2010/06/27/practical-visual-three-dimensional-pedagogy-for-internet-protocol-packet-header-control-fields/

 

Wonderful web world - vulnerability stats

With over  800 million sites now hosted on the Internet, and this number can possibly be multiplied or divided by the golden ratio, but either way the fundamental mechanics of web sites is big. And, with 'big' we also get vulnerabilities, as a recently published survey report by White Hat Security indicates that 86% of those surveyed had at least one web site vulnerability in 2012, with the average number of vulnerabilities per web site being 56. Whilst 56 vulnerabilities per web site may appear large it is a number that is trending lower from well over 1000 in 2006, and even the prior year of the report (2011), recorded 79.

Of the the sites that experienced vulnerabilities the top three vulnerabilities classes were:

1. Information leakage – 55% of web sites

2. Cross-Site-Scripting – 53% of web sites

3. Content Spoofing – 33% of web sites.

And, the interesting statistic from an education perspective was that 57% of those in the survey pool provided some instructor-led or computer-based software security training, and the payback was 40% fewer vulnerabilities with 59% faster resolution.