Tag Archives: dns

Defensive Security Podcast Episode 188





How Hackers Hijacked a Bank’s Entire Online Operation


Threat Brief: Credential Theft – The Keystone of the Shamoon 2 Attacks

Defensive Security Podcast Episode 142






Defensive Security Podcast Episode 38

Study on personality traits and susceptibility to phishing; Android is apparently more secure than iOS; Don’t forget to factor malicious BHOs into your plans; More registrar attacks; Insider threats are number 1; Defending against watering hole attacks.


Defensive Security Podcast Episode 30

Escrow service company forced to close after $1.5M theft resulting from malware, Incentives for complying with cyber framework, Benefits of expanding the cyber insurance market, Thousands of .nl domains redirected to black hole exploit kit


Escrow service company forced to close after $1.5M theft resulting from malware: http://krebsonsecurity.com/2013/08/1-5-million-cyberheist-ruins-escrow-firm/

Incentives for complying with cyber framework: http://www.csoonline.com/article/737795/white-house-considers-incentives-for-cybersecurity?page=1

Benefits of expanding the cyber insurance market: http://nakedsecurity.sophos.com/2013/08/09/will-insurance-firms-be-the-big-winners-in-the-struggle-for-cyber-security/

Thousands of .nl domains redirected to black hole exploit kit: http://www.zdnet.com/dutch-dns-server-hack-thousands-of-sites-serve-up-malware-7000019196/


DNS Reflection Attacks

One of the interesting things about owning a server on the Internet is trying to keep the constant barrage of attackers at bay.  A few weeks back, I had been watching the raw traffic with tcpdump, trying to diagnose a problem and saw a huge number of DNS requests.  A closer look revealed the queries were coming in batches of about 3000 to 5000 from the same IP address over the course of a minute or so.  All of the queries were the same: an ANY request for one of the domains I host.