Ofer For You (1)

Showing posts with label ddos attack. Show all posts

Wednesday, 17 September 2014

Google Public DNS Server Spoofed for SNMP based DDoS Attack


The Distributed Denial of Service (DDoS) attack is becoming more sophisticated and complex, and, according to security experts, the next DDoS vector to be concerned about is SNMP (Simple Network Management Protocol) amplification attacks.

Yesterday afternoon, the SANS Internet Storm Center reported SNMP scans whose source address was spoofed to that of Google's public recursive DNS server, probing for routers and other devices that speak the protocol and are reachable from the public Internet. Any reply such a device sends goes back to the spoofed source, Google, which is what makes the scan useful as a DDoS vector.
"We are receiving some reports about SNMP scans that claim to originate from 8.8.8.8 (Google's public recursive DNS server)," wrote Johannes Ullrich, dean of research of the SANS Technology Institute and head of the Internet Storm Center. "This is likely part of an attempt to launch a DDoS against Google by using SNMP as an amplifier/reflector."
Simple Network Management Protocol (SNMP) is a UDP-based protocol (port 161) designed for monitoring and configuring network-attached devices by reading and writing their configuration variables. SNMP-enabled devices are found in both home and business environments, typically printers, switches, firewalls and routers.

The ISC is still investigating the scale of the SNMP activity, and found that at least some of the packets were targeting default SNMP community strings, the "passwords" that SNMPv1 and v2c rely on.

According to Ullrich, the packets use the default read-write community string "private". The SNMP command is actually a Set request, which is authorised by nothing more than that community string, and "private" is the factory default on many devices.

If the Set succeeds, it modifies configuration variables on the affected device: the default TTL (Time To Live) is set to 1 which, according to Ullrich, "would make it impossible for the gateway to connect to other systems that are not on the same link-layer network." It also sets the ipForwarding variable to 2 (not-forwarding), which turns off IP forwarding.

Ullrich told Threatpost that he is continuing his research on the attack, and that admins should be on the lookout for packets with source IP 8.8.8.8, Google's public recursive DNS server, and a destination UDP port of 161.
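The Set request described above, as an added example that is not part of the original post or of the ISC's tooling: a minimal SNMPv1 BER encoder and decoder in Python, used first to construct a packet of the shape Ullrich describes (community "private", a SetRequest writing ipDefaultTTL.0 = 1 and ipForwarding.0 = 2) and then to classify a datagram the way a detection rule would. The OIDs are the standard RFC 1213 ones and the SetRequest tag is the SNMPv1 one; the sample packet, the source addresses and the `classify` function are this example's own constructions. The function takes the UDP payload, i.e. what follows the UDP header in a capture.

```python
"""Added example: decode SNMPv1 SetRequest datagrams and flag the pattern the
ISC reported (spoofed 8.8.8.8 source, UDP/161, community "private", SET of
ipDefaultTTL.0 = 1 and ipForwarding.0 = 2).  Standard library only."""

# RFC 1213 ip group, instance .0 appended.  ipForwarding: 1 = forwarding, 2 = not-forwarding
IP_FORWARDING = "1.3.6.1.2.1.4.1.0"
IP_DEFAULT_TTL = "1.3.6.1.2.1.4.2.0"
SET_REQUEST_TAG = 0xA3            # context-specific, constructed, [3] = SetRequest-PDU in SNMPv1
DEFAULT_COMMUNITIES = {"public", "private"}


# --- tiny BER encoder, only what an SNMPv1 SET needs ------------------------
def _tlv(tag, body):
    assert len(body) < 256        # short form, or one-byte long form, is enough for these packets
    length = bytes([len(body)]) if len(body) < 0x80 else bytes([0x81, len(body)])
    return bytes([tag]) + length + body

def _enc_int(v):
    return _tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big", signed=True))

def _enc_oid(oid):
    arcs = [int(a) for a in oid.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for a in arcs[2:]:            # base-128, high bit set on every byte except the last
        chunk = [a & 0x7F]
        while a > 0x7F:
            a >>= 7
            chunk.append(0x80 | (a & 0x7F))
        out += reversed(chunk)
    return _tlv(0x06, bytes(out))

def build_set_request(community, bindings, request_id=1):
    """SNMPv1 message: SEQUENCE { version 0, community OCTET STRING, SetRequest-PDU }."""
    varbinds = b"".join(_tlv(0x30, _enc_oid(o) + _enc_int(v)) for o, v in bindings)
    pdu = _tlv(SET_REQUEST_TAG,
               _enc_int(request_id) + _enc_int(0) + _enc_int(0) + _tlv(0x30, varbinds))
    return _tlv(0x30, _enc_int(0) + _tlv(0x04, community.encode()) + pdu)


# --- matching decoder ---------------------------------------------------------
def _read_tlv(buf, pos):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:             # long form: the next N bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _dec_int(b):
    return int.from_bytes(b, "big", signed=True)

def _dec_oid(b):
    arcs, acc = [b[0] // 40, b[0] % 40], 0
    for byte in b[1:]:
        acc = (acc << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def parse_snmpv1(payload):
    """Return version, community, PDU tag, request-id and [(oid, value), ...]."""
    tag, msg, _ = _read_tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, ver, p = _read_tlv(msg, 0)
    _, community, p = _read_tlv(msg, p)
    pdu_tag, pdu, _ = _read_tlv(msg, p)
    _, rid, q = _read_tlv(pdu, 0)
    _, _err, q = _read_tlv(pdu, q)          # error-status
    _, _idx, q = _read_tlv(pdu, q)          # error-index
    _, vbl, _ = _read_tlv(pdu, q)
    bindings, q = [], 0
    while q < len(vbl):
        _, vb, q = _read_tlv(vbl, q)
        _, oid, r = _read_tlv(vb, 0)
        vtag, val, _ = _read_tlv(vb, r)
        bindings.append((_dec_oid(oid), _dec_int(val) if vtag == 0x02 else val))
    return {"version": _dec_int(ver), "community": community.decode("latin-1"),
            "pdu_tag": pdu_tag, "request_id": _dec_int(rid), "bindings": bindings}


def classify(src_ip, dst_port, payload):
    """Reasons a UDP datagram matches the reported pattern ([] = not suspicious)."""
    if dst_port != 161:
        return []
    msg = parse_snmpv1(payload)
    reasons = []
    if src_ip == "8.8.8.8":
        reasons.append("source address claims to be Google public DNS (8.8.8.8); a reflector would answer Google")
    if msg["pdu_tag"] == SET_REQUEST_TAG and msg["community"] in DEFAULT_COMMUNITIES:
        reasons.append("SetRequest authorised only by default community %r" % msg["community"])
    wanted = dict(msg["bindings"])
    if wanted.get(IP_DEFAULT_TTL) == 1:
        reasons.append("sets ipDefaultTTL.0 = 1: the gateway can no longer reach beyond its own link")
    if wanted.get(IP_FORWARDING) == 2:
        reasons.append("sets ipForwarding.0 = 2 (not-forwarding): turns IP forwarding off")
    return reasons


# Constructed sample for this example, not a captured packet.
ATTACK_PACKET = build_set_request("private", [(IP_DEFAULT_TTL, 1), (IP_FORWARDING, 2)])

if __name__ == "__main__":
    for reason in classify("8.8.8.8", 161, ATTACK_PACKET):
        print("ALERT:", reason)
```

Running the script prints four alerts for the constructed packet. In a real deployment the same `classify` call would be fed from a capture filter such as `udp dst port 161`, and a packet from 8.8.8.8 to port 161 is by itself worth an alert: Google's resolver has no reason to send SNMP, so the address can only be forged.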

Many large-scale DDoS attacks in the past year have used misconfigured DNS (Domain Name System) and NTP (Network Time Protocol) servers as reflectors and amplifiers, in order to multiply the amount of traffic directed at a target.

In DNS reflection attacks, attackers abuse the millions of misconfigured DNS servers on the Internet known as open recursive resolvers, or open recursors, to amplify a much smaller stream of spoofed queries into a large flood of responses aimed at the target. Earlier this year, more than 24 million home routers were found to be usable in DNS-based amplification attacks, and more than five million of them were used during February alone as the starting point for DDoS attacks.

Network Time Protocol (NTP) amplification attacks have reached about 400 Gbps at their peak, larger than anything previously seen on the Internet. Attackers abuse NTP servers by sending small spoofed UDP requests (about 8 bytes of payload) that cause the vulnerable server to send a large amount of data (megabytes worth of traffic) to the victim's IP address.

A distributed reflection and amplification (DrDoS) attack lets an attacker with little skill and relatively few resources create a much larger data flood. It has therefore become a favourite weapon of cyber criminals for temporarily suspending or crashing the services of an Internet-connected host, and its use is likely to keep rising.

By "Kunal Vohra", Director@H2K

Still Having Problem..!!! Connect with Admin 

 Kunal Vohra
Download Our Official Android App & Get Free Internet



"The Hackers Street"

For Daily Updates 

Wednesday, 3 September 2014

3 Basic Tips to Prevent A DDoS Attack

By "Kunal Vohra", Director@H2K



Distributed denial-of-service (DDoS) attacks are constantly in the headlines worldwide, as they plague the websites of banks and of virtually every organization with a prominent online presence. The main reason DDoS attacks have proliferated is the very low cost an attacker has to incur to set one in motion. Fortunately, various prevention methods have been developed to tackle such attacks. Before delving into the ways to prevent a DDoS attack, let's first understand what exactly a DDoS attack is.
Understanding a DDoS Attack


A DDoS (distributed denial-of-service) attack is an attempt by attackers to make a computer's resources unavailable to its intended users. To carry out a DDoS attack the attackers rarely use their own systems; instead they build a network of compromised "zombie" computers, called a botnet, and use that hive of machines to incapacitate a website or web server.
The basic idea is this: the attacker instructs all the computers in the botnet to send requests to a particular site or web server over and over again. The flood of traffic slows the site down for its intended users, and at times the traffic is so heavy that it takes the site down completely.

3 Basic Tips to Prevent a DDoS Attack


There are several ways to prevent a DDoS attack; in this guest post I'll cover three basic tips that will help you protect your website.

1. Buy More Bandwidth.



One of the simplest methods is to make sure you have sufficient bandwidth in front of your web servers. You can absorb many low-scale DDoS attacks simply by buying more bandwidth so that the requests can still be serviced. Why does that help? Because a distributed denial of service is, at bottom, a game of capacity. Suppose 10,000 computer systems each send 1 Mbps in your direction: that is 10 Gbps (about 1.25 GB of data per second) hitting your web server. That is a lot of traffic.
The same rule applies as for ordinary redundancy: spread your web servers across several datacenters and put them behind load balancing. Spreading traffic over many servers balances the load and usually leaves enough headroom to ride out a sudden increase in traffic.
The problem with this method is that buying more bandwidth is expensive, and, as you will know, DDoS attacks keep getting larger and can easily exceed whatever you have budgeted for.

2. Opt for DDoS Mitigation Services.

Many network and Internet service providers offer DDoS mitigation. Look for a provider with a large DDoS protection and mitigation network, automated tools, and a pool of skilled anti-DDoS engineers able to respond in real time as the characteristics of an attack change. A viable alternative is a DDoS mitigation appliance, built specifically to detect and block distributed denial-of-service attacks.

3. Restricted Connectivity.

If you have computer systems connected directly to the Internet, configure your routers and firewall so as to limit connectivity. For instance, when accepting connections from client machines, allow traffic through the firewall only on the few ports you actually serve (HTTP, POP, SMTP and so on) and drop everything else.
Wrapping Up!


Websites are attacked every second. Denial-of-service attacks are getting enormous and are creating real problems for organizations with a strong online presence. This guest post has explained what a DDoS attack is and covered a few methods of preventing one. The three tips above are the ones I recommend working through to at least understand where to start in building a resilient web network with a chance of surviving a DDoS attack.




Wednesday, 23 July 2014

How a 'denial of service' attack works

Admin Kunal Vohra here with a knowledge-full post, "DOS Attack".

    First, it was Yahoo.
    Then Buy.com, on the day the discount e-tailer went public. One by one, leading sites on the Web have been brought to their knees by so-called denial of service attacks. Such attacks flood a Web server with false requests for information, overwhelming the system and ultimately crashing it. The following graphics explain how such attacks work and how companies can possibly prevent them.

    How a "denial of service" attack works
    In a typical TCP connection, the client sends a SYN packet asking the server to open a connection. The server records the half-open connection and answers with a SYN-ACK. The client acknowledges with an ACK, the connection is established, and the client is allowed onto the server.
    In a denial of service attack of this kind (a SYN flood), the attacker sends a stream of SYN packets with forged source addresses, filling the server's table of half-open connections. Because the return addresses are false, the server's SYN-ACKs go to hosts that never answer. The server waits, sometimes more than a minute, before timing out each entry and closing it. As soon as entries are freed, the attacker sends a new batch of forged requests and the process begins again, tying up the service indefinitely.
    Graphics: "Typical connection" versus "Denial of service" attack

    How to block a "denial of service" attack
    One of the more common ways to block a "denial of service" attack is to place a filter on the network in front of the site's Web servers, typically fed by a packet sniffer that inspects the incoming stream. The filter looks for attacks by noticing patterns or identifiers in the traffic; if a pattern arrives too frequently, the filter can be instructed to drop packets containing that pattern, protecting the Web servers from having their connections tied up.
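The half-open-connection mechanism described in this post (a SYN flood) and the stateless defence that later replaced the long wait, SYN cookies (RFC 4987), as an added example that is not part of the original post. The Python below simulates a stateful server whose backlog of 256 half-open entries times out after 75 seconds, runs a flood of forged SYNs against it, counts how many legitimate clients still get through, and then repeats the run against a server that encodes the handshake in its sequence number instead of keeping state. The backlog size, timeout, packet rates, the 203.0.113.0/24 and 198.51.100.0/24 source addresses and the HMAC cookie layout are this example's own assumptions, chosen to show the effect, not measurements of any real system.

```python
"""Added example: a SYN flood against a stateful backlog, then the same flood
against a SYN-cookie server.  Standard library only; every number is assumed."""
import hashlib
import hmac
import random

MASK32 = 0xFFFFFFFF


class BacklogServer:
    """Stateful handshake: one table slot per SYN-ACK that is awaiting its ACK."""

    def __init__(self, capacity=256, timeout=75, seed=0):
        self.capacity, self.timeout = capacity, timeout
        self.pending = {}                      # (src_ip, src_port) -> (arrival, isn)
        self._rng = random.Random(seed)

    def _expire(self, now):
        self.pending = {k: v for k, v in self.pending.items() if now - v[0] < self.timeout}

    def on_syn(self, now, src):
        """Return the ISN sent in the SYN-ACK, or None if the SYN had to be dropped."""
        self._expire(now)
        if len(self.pending) >= self.capacity:
            return None                        # queue full: this client never gets a SYN-ACK
        isn = self._rng.getrandbits(32)
        self.pending[src] = (now, isn)
        return isn

    def on_ack(self, now, src, ack):
        self._expire(now)
        entry = self.pending.get(src)
        if entry and (entry[1] + 1) & MASK32 == ack:
            del self.pending[src]
            return True
        return False


class SynCookieServer:
    """Stateless handshake: the SYN-ACK's ISN is a MAC over the client address and
    a coarse time counter, so a correct ACK proves the client really sent the SYN."""

    def __init__(self, secret, window=60):
        self.secret, self.window = secret, window

    def _cookie(self, src, counter):
        msg = f"{src[0]}:{src[1]}:{counter}".encode()
        mac = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return ((counter & 0x1F) << 27) | (int.from_bytes(mac[:4], "big") >> 5)   # 5 + 27 bits

    def on_syn(self, now, src):
        return self._cookie(src, now // self.window)       # nothing is stored per client

    def on_ack(self, now, src, ack):
        isn, counter = (ack - 1) & MASK32, now // self.window
        return any(isn == self._cookie(src, c) for c in (counter, counter - 1))   # current + previous window


def run_flood(server, seconds=30, spoofed_per_second=100, legit_per_second=5, seed=1):
    """Return (legitimate handshakes completed, legitimate handshakes attempted)."""
    rng = random.Random(seed)
    ok = tried = 0
    for now in range(seconds):
        for _ in range(spoofed_per_second):            # forged sources: the SYN-ACK goes nowhere
            server.on_syn(now, (f"203.0.113.{rng.randrange(256)}", rng.randrange(1024, 65536)))
        for _ in range(legit_per_second):              # real clients answer the SYN-ACK at once
            src = (f"198.51.100.{rng.randrange(256)}", rng.randrange(1024, 65536))
            tried += 1
            isn = server.on_syn(now, src)
            if isn is not None and server.on_ack(now, src, (isn + 1) & MASK32):
                ok += 1
    return ok, tried


if __name__ == "__main__":
    print("backlog server:    %d of %d legitimate clients connected" % run_flood(BacklogServer()))
    print("SYN-cookie server: %d of %d legitimate clients connected" % run_flood(SynCookieServer(b"rotate-me")))
```

With these parameters the stateful backlog fills after about two seconds and stays full for the rest of the run, because no entry is freed before the 75-second timeout; the cookie server, having nothing to fill, completes every legitimate handshake. The price of the cookie approach, not modelled here, is that TCP options carried in the SYN cannot be remembered, which is why real stacks only switch to cookies once the backlog overflows.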




