DDoS attack against the root DNS servers was an advertising action
16 March 2011, 14:03
The attack on the root DNS servers recorded in early February may have been a kind of advertising campaign. The "advertisers" were demonstrating their capabilities in organizing large-scale attacks using botnets. This theory is put forward in a special document by representatives of ICANN, the organization responsible for assigning domain names, reports the website Darkreading.com.

David Ulevitch, CEO of the DNS services OpenDNS and EveryDNS, agrees that the advertising-campaign theory looks very interesting: "ICANN representatives have suggested that this could be someone trying to demonstrate the power of their botnets and the ability to use them to order. This is not a test attack in preparation for a global action against the DNS servers themselves, but a way to demonstrate the potential of botnets to those who could use that potential against less protected targets." According to Ulevitch, a new attack of this kind is possible, but it is unlikely to destabilize the operation of the servers.

The February attack on the root DNS servers demonstrated how effective anycast technology is as a protective measure. With this technology, the IP address of a DNS server is hosted simultaneously on multiple physical (hardware) servers, and a DNS request sent to the anycast address is delivered to the nearest server. The five DNS servers that do not yet use anycast will be moved to it in the near future, ICANN representatives said.

The document, which ICANN prepared for an audience without special technical knowledge, also draws attention to the power of the attack, expressed in numbers. The flow of traffic directed at some root servers reached 1 Gbit/s, equivalent to 13 thousand emails per second or 1.5 million emails in 2 minutes. The attack began around 7 am and lasted for 2.5 hours. The second wave of the DDoS attack began three and a half hours later and lasted for 5 hours. The ICANN report confirms earlier estimates that the attack's effect on ordinary Internet users was "limited." The document also confirms previous hypotheses about the likely region of origin of the attack: it was one of the countries of the East Asian region. However, there is no conclusive evidence that the botnet was located in the territory of the Republic of Korea.

According to ICANN, the attack could have been carried out from the territory of several countries. However, given that the IP addresses from which the requests to the DNS servers came could have been spoofed, this cannot be stated with certainty. It is possible that the source of the attack was so-called zombie computers in any other part of the world.

The greatest load fell on DNS server G, located in Ohio and administered by the Department of Defense, and on server I, located in California and administered by ICANN. These two were the only ones of the six attacked servers that did not use anycast. According to ICANN representatives, the incomplete rollout of anycast technology was a conscious decision by the root server operators. "There were fears that the representation of several different servers as a single point of entry could pose a security risk," the document says. According to the operators' plan, tests were first to be conducted on several servers, and the shortcomings then addressed.

To counter future attacks, ICANN last year recommended that DNS operators verify the source IP addresses of requests and accept requests only from trusted sources (such as their own clients). ICANN acknowledged that the recommendations were met with "mixed success".

Source: http://www.viruslist.com/ru/news?id=2073 ...
Original Source: http://www.darkreading.com/document.asp? ...
Added by: w1zard