[10208] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, January 6, 2014
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Mon Jan 6 13:30:16 2014
Resent-From: ist-security-fyi@MIT.EDU
From: Monique Yeaton <myeaton@MIT.EDU>
To: ist-security-fyi <ist-security-fyi@MIT.EDU>
Date: Mon, 6 Jan 2014 18:28:50 +0000
Message-ID: <CEF06011.5197E%myeaton@exchange.mit.edu>
In this issue:
1. NTP, SNMP and CHARGEN Rate-limiting
2. Removing Personal Data from Old Devices
3. Security Predictions for 2014
-----------------------------------------------------------
1. NTP, SNMP and CHARGEN Rate-limiting
-----------------------------------------------------------
Late last week, Information Systems & Technology (IS&T) installed a rate-limiting policy on the MIT border routers to limit certain types of traffic.
Over the past year, several services that run over the User Datagram Protocol (UDP), including NTP (123/udp), SNMP (161/udp), and CHARGEN (19/udp), have been used to perform distributed denial of service (DDoS) attacks. These attacks exploit the underlying behavior of UDP (no handshake, so the source address is never verified) together with the asymmetric request/response sizes of the NTP, SNMP, and CHARGEN protocols. In short, an attacker sends a small query whose source address is forged to be that of the target, and the vulnerable service sends its far larger response to the target, amplifying the attacker's traffic by up to 200-fold.
While these protocols are extremely useful in network management, this behavior allows attackers to leverage MIT resources to attack third parties. In extreme cases, as was experienced early last Friday morning, the volume of response traffic leaving campus can be large enough to disrupt MITnet connectivity.
As a result of the outage, a rate-limiting policy has been installed on the MIT border routers to limit traffic using the above-mentioned protocols from external addresses.
The PDF linked below provides more detail on UDP amplification/reflection attacks:
* An Analysis of DrDoS SNMP/NTP/CHARGEN Reflection Attacks <http://www.prolexic.com/kcresources/white-paper/white-paper-snmp-ntp-chargen-reflection-attacks-drdos/An_Analysis_of_DrDoS_SNMP-NTP-CHARGEN_Reflection_Attacks_White_Paper_A4_042913.pdf>
-------------------------------------------------------------
2. Removing Personal Data from Old Devices
-------------------------------------------------------------
This holiday season you may have received a new PC, laptop, tablet, phone or other device. Before recycling, donating, or disposing of an old device, help protect your privacy by removing your personal information first.
Simply "erasing" or "clearing" the information may not permanently remove it from the device. While the data may no longer be visible to the average user, anyone with the right tools and know-how could retrieve what remains in the device's storage.
To make sure you don't leave behind anything that might be used against you, take the right steps. Learn how to remove sensitive data <http://kb.mit.edu/confluence/x/VgCPBg> from a mobile device or computer and learn about some (free) tools that can help.
------------------------------------------
3. Security Predictions for 2014
------------------------------------------
Every year around this time, security professionals look at the year ahead and the changing threat landscape to predict what might be the biggest threats emerging on the Internet.
Trend Micro offers this interactive and easy-to-follow online pamphlet <http://about-threats.trendmicro.com/us/security-predictions/2014/blurring-boundaries/>, with predictions for 2014 and beyond.
Their predictions include:
1. Basic two-step verification will no longer work against mobile Man-in-the-Middle (MitM) attacks.
2. More cyber criminals will use targeted attack methods to compromise machines and networks, using the weakest link in the chain: humans. They will also leverage proven vulnerabilities from the past.
3. Malware infection counts are likely to surge due to the end of support for various software and operating systems.
4. Bad actors will increasingly use clickjacking and watering-hole tactics and new exploits.
5. Attackers will target mobile device users even more, veering away from using email attachments for attacks.
6. One major data breach will occur each month.
7. Public distrust of privacy for individuals will continue.
Read the details online <http://about-threats.trendmicro.com/us/security-predictions/2014/blurring-boundaries/>.
============================================================
Read all archived Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
============================================================
Monique Yeaton
IT Security Communications Consultant
MIT Information Systems & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
_______________________________________________
ist-security-fyi mailing list
ist-security-fyi@mit.edu
To Unsubscribe http://mailman.mit.edu/mailman/listinfo/ist-security-fyi