CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
February 10th, 2009

Ladyboydolls.com Website Attacked By Recently Discovered Type Of DDoS

A sustained cyber-attack against several niche pornography sites has demonstrated a novel way to inflict major damage on hardened targets using a modest amount of data, a security researcher has warned.

The ongoing attacks on several sites related to transvestite porn work by sending hundreds of thousands of domain name servers a steady stream of packets that contain little more than the character “.” The queries, which are forged so they appear to have been sent from sites such as ladyboydolls.com and triplexbonanza.com, prompt the DNS servers to respond to the targets with a list of the internet’s root servers, responses that contain about eight times more data than the initial request.

The attacks began in mid January and have used some 750,000 DNS servers to spew about 5Gbps worth of junk response packets at one victim alone, said Phil Rosenthal, CTO of ISPrime, an internet provider for one of the sites being attacked. The company has since been able to mitigate the attack using a variety of methods.

The technique tricks the net’s authoritative name servers into bombarding innocent victims with more data than they can handle. It is growing increasingly common and it’s likely only a matter of time before commercial attack kits add it to their arsenal, said Don Jackson, a researcher with Atlanta-based security provider SecureWorks. He also warned there is no easy fix because any remedy will potentially require settings for millions of DNS, or domain-name system, servers to be individually changed.

“The amplifiers in this attack are name servers configured to what is considered best practices,” Jackson told The Register. Preventing the attack will require administrators to make changes to the software running each vulnerable DNS server on the internet, he added.

The amplification technique exploits an artifact in the net’s DNS from the days when it was considered harmless for a name server to respond to misdirected name queries with the name of a more appropriate server to make the request. Read together, RFCs 1034, 1035 and 1912 call for name servers that are queried for the location of the root servers to honor the request, Jackson and others say.
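The reflection pattern described in the two paragraphs above (forged-source queries for the root zone, answered with the much larger root-server list) can be spotted on the name server side. The following is an added detection example, not code from the article or from any of the parties named in it; it assumes a constructed BIND-style query log and a hypothetical per-source threshold.

```python
import re
from collections import Counter

# Constructed BIND-style query log lines (not real traffic). A burst of
# "." IN NS queries all claiming one source address is the signature of
# this attack: the claimed source is forged, so it is the reflection
# victim that will receive the amplified root-server responses.
SAMPLE_LOG = """\
10-Feb-2009 12:00:01.001 client 203.0.113.10#5555: query: . IN NS +
10-Feb-2009 12:00:01.002 client 203.0.113.10#5555: query: . IN NS +
10-Feb-2009 12:00:01.003 client 203.0.113.10#5555: query: . IN NS +
10-Feb-2009 12:00:01.004 client 203.0.113.10#5555: query: . IN NS +
10-Feb-2009 12:00:01.005 client 198.51.100.7#40123: query: www.example.com IN A +
10-Feb-2009 12:00:01.006 client 203.0.113.10#5555: query: . IN NS +
"""

# Extract the claimed client address, the queried name and the query type.
LINE_RE = re.compile(
    r"client (?P<ip>[\d.]+)#\d+: query: (?P<name>\S+) IN (?P<type>\S+)"
)


def root_ns_queries_by_source(log_text):
    """Count queries for the root zone ('.' IN NS) per claimed source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and m.group("name") == "." and m.group("type") == "NS":
            counts[m.group("ip")] += 1
    return counts


def suspected_reflection_victims(log_text, threshold=3):
    """Return claimed sources that sent more than `threshold` root NS queries.

    Because the sources are forged in this attack, each address returned is
    a host being bombarded with amplified responses, not an attacker; the
    useful defensive actions are to stop answering root NS queries for
    non-recursive clients and to alert the operator of the listed address.
    """
    counts = root_ns_queries_by_source(log_text)
    return sorted(ip for ip, n in counts.items() if n > threshold)


if __name__ == "__main__":
    for ip in suspected_reflection_victims(SAMPLE_LOG):
        print(f"possible reflection victim: {ip}")
```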

“There’s really no reason to tell the requester that information,” said Randal Vaughn, a professor of information systems at Baylor University and an expert in DNS amplification. “The problem is more related to the fact that at one time DNS servers would need to ask each other for help. When name servers started out, there were assumptions made that requests are legitimate, so we’ll answer them.”

Credit: The Register
