Technology

DNS amplification attacks back in the spotlight

US-CERT today re-issued its March 29 2013 technical advisory (TA13-088A) reminding organisations to check their networks for open DNS resolvers, which are easily abused in a Distributed Denial of Service (DDoS) attack. See https://www.us-cert.gov/ncas/alerts/TA13-088A. An open DNS resolver is a DNS server that accepts and answers recursive DNS queries from hosts outside the IP address range under the organisation's control; recursive DNS service should be restricted to only those host IP addresses that belong to the enterprise or ISP.

Want to check whether your DNS servers are among the purported 28 million open resolvers (as of May 2013; see http://openresolverproject.org)? A useful tool is http://dns.measurement-factory.com/cgi-bin/openresolverquery.pl. If you are the technical contact for the IP address range as reported by whois, this tool will send you the current resolver status of your DNS servers.
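The same check can be run by hand against servers you administer. The following is an added example, not code from the post or from US-CERT: it sends a single recursive query for a name the server is not authoritative for (example.com is assumed) and classifies the reply from the RA bit, RCODE and answer count, the way the tools above do. The sample replies at the bottom are constructed, not captured.

```python
import socket
import struct

TXID = 0x1234  # fixed transaction id, shared by the query builder and the constructed samples

def build_query(qname: str, txid: int = TXID) -> bytes:
    """Build a minimal DNS query for an A record with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags 0x0100 = RD, QDCOUNT=1
    labels = qname.rstrip(".").split(".")
    qname_wire = b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels) + b"\x00"
    return header + qname_wire + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_response(resp: bytes, txid: int = TXID) -> str:
    """Classify a reply to a recursive query for a name the server is NOT authoritative for."""
    if len(resp) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if rid != txid:
        return "id-mismatch"
    rcode = flags & 0x000F
    ra = bool(flags & 0x0080)       # RA: server advertises recursion available
    if rcode == 5:
        return "refused"            # REFUSED: recursion correctly denied to outside hosts
    if ra and rcode == 0 and ancount > 0:
        return "open-resolver"      # it recursed on our behalf and returned answers
    if rcode == 0 and not ra and ancount == 0:
        return "no-recursion"       # e.g. a referral from a purely authoritative server
    return f"rcode-{rcode}"

def amplification_factor(query: bytes, resp: bytes) -> float:
    """Bytes returned per byte sent; large ratios are what make open resolvers attractive to abusers."""
    return len(resp) / len(query)

def probe(server_ip: str, qname: str = "example.com", timeout: float = 3.0) -> str:
    """Send one recursive query over UDP to a server you administer and classify the reply."""
    query = build_query(qname)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server_ip, 53))
        try:
            resp, _ = sock.recvfrom(4096)
        except socket.timeout:
            return "no-response"
    return classify_response(resp)

# Constructed sample replies (not captured traffic) so the classifier can be exercised offline.
_QUESTION = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
SAMPLE_OPEN = (struct.pack("!HHHHHH", TXID, 0x8180, 1, 1, 0, 0) + _QUESTION   # QR, RD, RA set
               + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1]))
SAMPLE_REFUSED = struct.pack("!HHHHHH", TXID, 0x8105, 1, 0, 0, 0) + _QUESTION  # QR, RD, RCODE=5
```

A reply classified as "open-resolver" from an address outside your own ranges is exactly the condition the advisory asks you to eliminate, normally by restricting recursion to your own prefixes in the server's configuration.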

Another great resource is the site www.dnsinspect.com, which provides a detailed report on the status of your DNS and is a good place to check for possible security weaknesses in your domain's configuration.

The CERT amplification advisory cited above is an excellent reference; however, if you need up-skilling on aspects of DNS then please contact us. We provide training in all aspects of DNS, IP, Deep Packet Analysis and Cyber Security.

Wonderful web world - vulnerability stats

With over 800 million sites now hosted on the Internet (a number that could plausibly be multiplied or divided by the golden ratio), the web is big by any measure. And with 'big' come vulnerabilities: a recently published survey report by WhiteHat Security indicates that 86% of the sites surveyed had at least one web site vulnerability in 2012, with an average of 56 vulnerabilities per web site. Whilst 56 vulnerabilities per web site may appear large, it is a number trending lower from well over 1000 in 2006, and the prior year of the report (2011) recorded 79.

Of the sites that experienced vulnerabilities, the top three vulnerability classes were:

1. Information leakage – 55% of web sites

2. Cross-Site Scripting – 53% of web sites

3. Content Spoofing – 33% of web sites.

And the interesting statistic from an education perspective: 57% of those in the survey pool provided some instructor-led or computer-based software security training, and the payback was 40% fewer vulnerabilities and 59% faster resolution.

The gems you find in RFC's

In the last 18 months we have been doing a lot of design, development and delivery of training in the area of Carrier Ethernet (CE). In carrier networks especially there is a need to pro-actively manage quality of service (QoS) and network performance, work that normally goes under the name of Operations, Administration and Maintenance (OAM) functions. To ensure conformance with QoS metrics and the design build, test methods need to be constructed to bring rigour to the acceptance testing process. There are a number of publications from different standards bodies that provide guidance on the testing process, and this raises the question of which to follow, because the International Telecommunications Union (ITU) is working some aspects and the Internet Engineering Task Force (IETF), through its Request For Comments (RFC) series, is working other paths. So you may well ask whether there is consensus between these standards groups, and in RFC 6815 you will find this gem (page 7, para 3) of an answer:

"The world will not spin off axis while waiting for appropriate and standardized methods to emerge from the consensus process."

You may be interested in referring to some of the network performance documents. From the IETF there is RFC 2544, Benchmarking Methodology for Network Interconnection Devices (http://www.ietf.org/rfc/rfc2544.txt). Published in 1999, this is still a topical document specifying various test conditions, frame sizes and rates. ITU Study Group 12 published in 2011 an Ethernet service activation test methodology, Y.1564, in the document SERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS, Internet protocol aspects – Quality of service and network performance (see http://www.itu.int/rec/T-REC-Y.1564/en). This was intended to fill the gaps in measurement methodology (with respect to RFC 2544) given the evolution of Ethernet services in the telecommunications carrier space.

In November 2012 the IETF published RFC 6815, Applicability Statement for RFC 2544: Use on Production Networks Considered Harmful (see http://tools.ietf.org/html/rfc6815). The title says it all: its intention is to clarify that RFC 2544 was only ever meant for use in isolated test environments and not on production networks.