Tag Archives: dns

Defensive Security Podcast Episode 142

https://www.fireeye.com/blog/threat-research/2015/12/fin1-targets-boot-record.html

http://www.csoonline.com/article/3012443/security/how-the-nsa-uses-behavior-analytics-to-detect-threats.html#tk.rss_all

http://www.databreachtoday.com/wyndham-agrees-to-settle-ftc-breach-case-a-8737

https://technet.microsoft.com/en-us/library/security/ms15-127.aspx

https://www.reddit.com/r/sysadmin/comments/3wa8rl/early_warning_system_for_cryptowall_crypto_canary/

Defensive Security Podcast Episode 38

Study on personality traits and susceptibility to phishing; Android is apparently more secure than iOS; Don’t forget to factor malicious BHOs into your plans; More registrar attacks; Insider threats are number 1; Defending against watering hole attacks.


Defensive Security Podcast Episode 30

Escrow service company forced to close after $1.5M theft resulting from malware, Incentives for complying with cyber framework, Benefits of expanding the cyber insurance market, Thousands of .nl domains redirected to Blackhole exploit kit


Escrow service company forced to close after $1.5M theft resulting from malware: http://krebsonsecurity.com/2013/08/1-5-million-cyberheist-ruins-escrow-firm/

Incentives for complying with cyber framework: http://www.csoonline.com/article/737795/white-house-considers-incentives-for-cybersecurity?page=1

Benefits of expanding the cyber insurance market: http://nakedsecurity.sophos.com/2013/08/09/will-insurance-firms-be-the-big-winners-in-the-struggle-for-cyber-security/

Thousands of .nl domains redirected to Blackhole exploit kit: http://www.zdnet.com/dutch-dns-server-hack-thousands-of-sites-serve-up-malware-7000019196/


DNS Reflection Attacks

One of the interesting things about owning a server on the Internet is trying to keep the constant barrage of attackers at bay. A few weeks back, I had been watching the raw traffic with tcpdump, trying to diagnose a problem and saw a huge number of DNS requests. A closer look revealed the queries were coming in batches of about 3000 to 5000 from the same IP address over the course of a minute or so. All of the queries were the same: an ANY request for one of the domains I host.