Cyber Security Institute
§ Current Worries
Top 3 Worries
- Regulations
- Old Firewall Configurations
- Security Awareness
§ Listening
For the best information
- The underground
- Audible
- Executive Excellence
- Music (to keep me sane)
§ Watching
For early warnings
- 150 Security Websites
- AP Newsfeeds
- Vendors
Friday, March 17, 2006
DNS recursion leads to nastier DoS attacks
A new kind of denial-of-service (DoS) attack has emerged that delivers a heftier blow to organisations’ systems than previously seen DoS threats, according to VeriSign’s security chief. The new DoS attacks first emerged in late December and kicked into high gear in January, before dying down four weeks ago, said Ken Silva, VeriSign’s chief security officer.
Under a more common distributed DoS (DDos) attack, a botnet—- a network of compromised PCs being remotely controlled—- directly inundates a victim’s Web server, name server or mail server with a multitude of queries. The goal of a DoS attack is to crash the victim’s system or take their Web site offline, as either tries to respond to the requests.
But in this latest spate of DDoS attacks, bots are sending queries to DNS servers with the return address pointed at the targeted victim.
While it is possible to stop a bot-delivered DDoS attack by blocking the bots’ IP addresses, blocking queries from DNS servers would prove more difficult, Silva said.