[3908] in Security FYI


[IS&T Security-FYI] SFYI Newsletter, April 1, 2013

daemon@ATHENA.MIT.EDU (Monique Yeaton)
Mon Apr 1 15:00:58 2013

Resent-From: ist-security-fyi@MIT.EDU
From: Monique Yeaton <myeaton@MIT.EDU>
To: ist-security-fyi <ist-security-fyi@MIT.EDU>
Date: Mon, 1 Apr 2013 18:58:45 +0000
In this issue:


1. April 3: MIT Police Provides Laptop Tagging

2. Tips for Safer Computing Wherever You Are

3. Domain Name Server (DNS) Amplification Attacks



-----------------------------------------------------------

1. April 3: MIT Police Provides Laptop Tagging

-----------------------------------------------------------


This week<http://events.mit.edu/event.html?id=14994671&date=2013/4/3> the MIT Police is providing laptop STOP tagging and registration. STOP tags are a loss prevention measure and are a visual deterrent to thieves.


Time & Location:

12:00 - 1:30 pm on Wednesday, April 3

In the Stata Student Street, booth 2.


Bring your laptop and $10 cash or cost object code. No TechCash, checks or cards are accepted.


More information on laptop tagging and registration can be found here<http://kb.mit.edu/confluence/display/istcontrib/MIT+Police+Laptop+Tagging+and+Registration>.



--------------------------------------------------------------

2. Tips for Safer Computing Wherever You Are

--------------------------------------------------------------


Whether you're at work, home, or traveling, there are a few measures you can take to help keep your data secure. Mike Halsall, of the IT Security Services team at MIT, recommends three basic practices for secure computing.


Read the full article online<http://ist.mit.edu/news/safer_computing>.



----------------------------------------------------------------------

3. Domain Name Server (DNS) Amplification Attacks

----------------------------------------------------------------------


According to a recent report by US-CERT<http://www.us-cert.gov>, Domain Name Server (DNS) amplification attacks are on the rise. DNS amplification is a type of distributed denial of service (DDoS) attack that relies on the use of open recursive DNS servers to overwhelm a target system with misdirected DNS response traffic.


The basic attack technique is fairly simple. An attacker sends a DNS name lookup request to an open recursive DNS server with the source address spoofed to the DDoS target's address. When the DNS server sends the DNS record response, it is sent to the DDoS target and not the original requestor. Leveraging this technique many times over, the attacker is able to amplify the volume of traffic directed at the target. The attacker can leverage a botnet to perform additional spoofed DNS queries, thus increasing the amount of traffic sent to the target. Because the DNS responses are coming from valid DNS servers, it is extremely difficult for targeted machines and networks to block these types of attacks.


Network operators and administrators can help by instituting several simple mitigation strategies on their DNS servers. The primary element in the solution is the detection and disabling of open recursive DNS responses on domain name servers. These systems are typically legitimate DNS machines that have been improperly configured to respond to recursive queries on behalf of any system, rather than restricting recursive responses only to requests from local or authorized clients. By identifying these systems, an organization or network operator can reduce the likelihood of being leveraged in a DNS amplification attack.


How?

Several organizations offer free, web-based scanning tools that will search a network for vulnerable open DNS resolvers:

  *   Open DNS Resolver Project<http://openresolverproject.org/>
  *   The Measurement Factory<http://dns.measurement-factory.com/>
  *   DNS Inspect<http://www.dnsinspect.com/>


Additional mitigation and detailed information can be found in the US-CERT Alert on this issue, posted here<http://www.us-cert.gov/ncas/alerts/TA13-088A>. The recommendation is to disable recursion on authoritative name servers.
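
What "detecting open recursive responses" means at the packet level, as an added example that is not part of the original newsletter: the script reads the RFC 1035 header flags of a DNS reply (RA, AA, RCODE) and decides whether the server recursed for the client. Function names, the sample replies and the 192.0.2.10 documentation address are constructed for illustration; `probe` is meant for a name server you operate, run from an address outside its allowed client ranges.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1A2B):
    """Build an A-record query with RD=1 (recursion desired)."""
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def classify_response(query, response):
    """Read the 12-byte DNS header and decide whether the server recursed."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if qid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        raise ValueError("not a response to this query")
    ra, aa, rcode = bool(flags & 0x0080), bool(flags & 0x0400), flags & 0x000F
    return {
        "rcode": RCODES.get(rcode, str(rcode)),
        "recursion_available": ra,
        "authoritative": aa,
        "answers": ancount,
        # Open recursion: RA set and a non-authoritative answer returned for
        # a name the server does not host, to a client it should not serve.
        "open_recursion": ra and not aa and rcode == 0 and ancount > 0,
    }

def probe(server, name, timeout=3.0):
    """Send one query over UDP to a name server you operate and classify the reply."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        return classify_response(query, s.recv(4096))

def sample_response(query, flags, with_answer):
    """Constructed test data: echo the question, optionally append one A record."""
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
    header = query[:2] + struct.pack("!HHHHH", flags, 1, int(with_answer), 0, 0)
    return header + query[12:] + (rr if with_answer else b"")

QUERY = build_query("example.com")
OPEN = sample_response(QUERY, 0x8180, True)       # QR, RD, RA, NOERROR + answer
REFUSED = sample_response(QUERY, 0x8105, False)   # QR, RD, REFUSED, RA clear
AUTH_ONLY = sample_response(QUERY, 0x8500, True)  # QR, AA, RD, own-zone answer
```

A correctly restricted server returns the `REFUSED` shape to outside clients, and an authoritative-only server answers its own zones with AA set and RA clear; only the first sample is the misconfiguration the newsletter describes.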


For DNS server administrators at MIT: if you have any questions or need assistance, please contact the IT Security Services team at security@mit.edu<mailto:security@mit.edu>.


An excellent article<http://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet> was posted on the CloudFlare blog about the DDoS attack that occurred a few weeks ago using misconfigured DNS servers and is being billed as the "largest DDoS attack ever."



===================================================================================

Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.

===================================================================================


Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security



_______________________________________________
ist-security-fyi mailing list
ist-security-fyi@mit.edu
To Unsubscribe http://mailman.mit.edu/mailman/listinfo/ist-security-fyi