Tag Archives: dns

Defensive Security Podcast Episode 188

https://arstechnica.com/security/2017/04/purported-shadow-brokers-0days-were-in-fact-killed-by-mysterious-patch/

https://www.bleepingcomputer.com/news/security/former-sysadmin-accused-of-planting-time-bomb-in-companys-database/

http://www.computerworld.com/article/3189059/security/what-prevents-breaches-process-technology-or-people-one-answer-is-pc-and-one-is-right.html

http://www.csoonline.com/article/3187422/network-security/report-30-of-malware-is-zero-day-missed-by-legacy-antivirus.amp.html

How Hackers Hijacked a Bank’s Entire Online Operation

http://news.softpedia.com/news/two-laptops-with-hong-kong-s-3-7-million-voters-data-stolen-514346.shtml

Threat Brief: Credential Theft – The Keystone of the Shamoon 2 Attacks

Defensive Security Podcast Episode 142

https://www.fireeye.com/blog/threat-research/2015/12/fin1-targets-boot-record.html

http://www.csoonline.com/article/3012443/security/how-the-nsa-uses-behavior-analytics-to-detect-threats.html#tk.rss_all

http://www.databreachtoday.com/wyndham-agrees-to-settle-ftc-breach-case-a-8737

https://technet.microsoft.com/en-us/library/security/ms15-127.aspx

https://www.reddit.com/r/sysadmin/comments/3wa8rl/early_warning_system_for_cryptowall_crypto_canary/

Defensive Security Podcast Episode 38

Study on personality traits and susceptibility to phishing; Android is apparently more secure than iOS; Don’t forget to factor malicious BHO’s into your plans; Don’t forget to factor malicious BHO’s into your plans; More registrar attacks; Insider threats are number 1; Defending against watering hole attacks.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

Defensive Security Podcast Episode 30

Escrow service company forced to close after $1.5M theft resulting from malware, Incentives for complying with cyber framework, Benefits of expanding the cyber insurance market, Thousands of .nl domains redirected to black hole exploit kit

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

Escrow service company forced to close after $1.5M theft resulting from malware: http://krebsonsecurity.com/2013/08/1-5-million-cyberheist-ruins-escrow-firm/

Incentives for complying with cyber framework: http://www.csoonline.com/article/737795/white-house-considers-incentives-for-cybersecurity?page=1

Benefits of expanding the cyber insurance market: http://nakedsecurity.sophos.com/2013/08/09/will-insurance-firms-be-the-big-winners-in-the-struggle-for-cyber-security/

Thousands of .nl domains redirected to black hole exploit kit: http://www.zdnet.com/dutch-dns-server-hack-thousands-of-sites-serve-up-malware-7000019196/

 

DNS Reflection Attacks

One of the interesting things about owning a server on the Internet is trying to keep the constant barrage of attackers at bay.  A few weeks back, I had been watching the raw traffic with tcpdump, trying to diagnose a problem and saw a huge number of DNS requests.  A closer look revealed the queries were coming in batches of about 3000 to 5000 from the same IP address over the course of a minute or so.  All of the queries were the same: an ANY request for one of the domains I host.  Continue reading DNS Reflection Attacks