Misconfigured modems leave web open to DDoS attacks

17 November 2009

Poorly configured cable and DSL modems are leaving the internet open to distributed denial of service (DDoS) attacks based on rogue DNS queries, according to research to be released this week by Infoblox.

Research commissioned by Infoblox, a company that sells network services appliances including DNS servers, suggests that telecommunications companies are leaving their modems open to attackers who can use them to mount DDoS attacks. The fault lies with servers that have been configured for open recursive lookups.

The Domain Name System (DNS) is the system that translates an internet domain name into the IP address of the server hosting the resource.

When your browser needs to find an IP address, it asks a DNS server to deliver the result. If it doesn't have the answer stored locally, that DNS server will ask another, which may ask yet another, until eventually a DNS server is reached that has the answer.

Open recursive DNS servers accept queries from any address on the internet, whereas locked-down DNS servers only accept requests from a trusted set of addresses.

The DDoS attacks using rogue DNS queries work by spoofing the IP address of the client asking for the DNS lookup. Instead of giving the DNS server the real client's address, the attacker substitutes the address of the internet-based server it wants to hit with a DDoS attack.

The DNS server then sends the response - around 4Kb, and therefore far larger than the original query - to the target address. When large numbers of DNS servers are fooled into sending these responses to the same spoofed address, the target can be overwhelmed and stop functioning.

Having a large number of residential broadband modems running DNS servers that are prepared to take queries from untrusted sources provides malicious parties with a perfect set of resources that they can use to mount a DDoS attack.
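As an added illustration of the misconfiguration described above (not code from the article or from Infoblox), the following Python audit reads a resolver's query log and reports the two things an operator would look for: outside addresses that were served recursive queries (evidence the resolver is open) and outside addresses receiving responses many times larger than their queries (the reflection pattern towards a spoofed victim). The log format, the trusted customer prefix and the sample lines are constructed for this example.

```python
"""Audit a recursive resolver's query log for the misconfiguration described above:
recursion served outside the customer prefixes, and responses reflected towards one
outside address. Log format and sample lines are constructed for this example."""
import ipaddress
import re
from collections import defaultdict

# Constructed format: <client ip> <qname> rd=<0|1> qlen=<query bytes> rlen=<response bytes>
LOG_LINE = re.compile(
    r"^(?P<ip>[\d.]+) (?P<qname>\S+) rd=(?P<rd>[01]) qlen=(?P<qlen>\d+) rlen=(?P<rlen>\d+)$"
)

def parse_line(line):
    # One log line -> dict, or None if it does not match the constructed format.
    m = LOG_LINE.match(line.strip())
    if not m:
        return None
    return {"ip": ipaddress.ip_address(m["ip"]), "qname": m["qname"],
            "rd": m["rd"] == "1", "qlen": int(m["qlen"]), "rlen": int(m["rlen"])}

def audit(lines, trusted_prefixes, min_amplification=10.0):
    """Return (open_recursion_clients, suspected_targets).
    open_recursion_clients: outside addresses served recursive queries (rd=1),
    i.e. evidence the resolver is an open recursive server.
    suspected_targets: outside addresses whose response bytes exceed their query
    bytes by min_amplification: reflected traffic towards a spoofed source."""
    trusted = [ipaddress.ip_network(p) for p in trusted_prefixes]
    outside_recursive, bytes_in, bytes_out = set(), defaultdict(int), defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is None or any(rec["ip"] in net for net in trusted):
            continue  # unparseable, or legitimate customer traffic
        ip = str(rec["ip"])
        if rec["rd"]:
            outside_recursive.add(ip)
        bytes_in[ip] += rec["qlen"]
        bytes_out[ip] += rec["rlen"]
    targets = {ip: round(bytes_out[ip] / bytes_in[ip], 1) for ip in bytes_out
               if bytes_in[ip] and bytes_out[ip] / bytes_in[ip] >= min_amplification}
    return sorted(outside_recursive), targets

# Constructed sample: two customers, one outside address receiving 4000-byte
# answers to 40-byte queries (the reflection pattern), one harmless outside query.
SAMPLE_LOG = """\
192.0.2.10 www.example.com rd=1 qlen=45 rlen=120
192.0.2.11 mail.example.com rd=1 qlen=46 rlen=130
198.51.100.7 example.org rd=1 qlen=40 rlen=4000
198.51.100.7 example.org rd=1 qlen=40 rlen=4000
203.0.113.9 example.net rd=0 qlen=41 rlen=60
""".splitlines()
```

Running `audit(SAMPLE_LOG, ["192.0.2.0/24"])` flags 198.51.100.7 both as an outside client that was granted recursion and as a suspected reflection target with a 100x byte ratio; the non-recursive query from 203.0.113.9 is not flagged.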

"The real danger is that these devices can be used in distributed denial of service attacks against others, and a population of only a thousand or so well-connected devices can mount a potent DDoS attack. We estimate that the population of these devices is over ten million", said Cricket Liu, spokesperson for Infoblox.

He added that the telecommunications carriers were responsible for the problem, because they failed to configure their devices properly. "They should ensure their devices on customer premises ship with a secure default configuration", he concluded.
