On October 22, 2013, Cisco TRAC Threat Researcher Martin Lee wrote about Distributed Denial of Service (DDoS) attacks that leverage the Domain Name System (DNS) application protocol. As Martin stated, the wide availability of DNS open resolvers combined with attackers’ ability to falsify the source of User Datagram Protocol (UDP) packets creates a persistent threat to network operators everywhere.
Read More »
Tags: DDoS, dns, security, TRAC
Network Solutions is a domain name registrar that manages over 6.6 million domains. As of July 16, 2013, the Network Solutions website is under a Distributed Denial of Service (DDoS) attack. Recently, Network Solutions has been a target for attackers; in a previous outage, domain name servers were redirected away from their proper IP addresses. This was reported to be a result of a server misconfiguration while Network Solutions was attempting to mitigate a DDoS attack. It is possible that the DDoS attacks are related.
According to isitdownrightnow.com, the Network Solutions site has been having issues for at least the last 24 hours.
Response time in ms (GMT -8:00)
Read More »
Tags: cybersecurity, DDoS, dns, malware, security, TRAC, vulnerability
Having just returned home to New Jersey from Cisco Live US in Orlando, Florida, I thought I’d share my experiences as a Network Security Engineer both attending and presenting at this year’s conference.
There were approximately 20,000 attendees at this year’s conference, which I believe set a new Cisco Live attendance record! Considering the huge size of the conference, which rivals game day attendance at some small market Major League Baseball teams, I was amazed at the efficiency and organization of the conference—from the session logistics to the World of Solutions “happy hours” and the Customer Appreciation Event held at Universal Studios!
While listening to the various keynote speeches, most notably those from John Chambers, Padmasree Warrior, Rob Lloyd, and Edzard Overbeek, it’s clear that Security, is “Top of Mind” for the Cisco Leadership Team.
Out of the roughly 625 sessions, there were approximately 100 sessions and labs focused on security, including a few below, which were presented by some of my fantastic and extremely bright peers within the Security organization. Sessions and labs included relevant topics such as network threat defense, IPv6, threat mitigation, and intrusion prevent and signature development. Read More »
Tags: Black Hat USA, cisco live, Cisco Live 2013, Cisco Security, cisco sio, DDoS, IPv6, security
In the days leading up to #OpUSA, security professionals were busy making preparations for the supposed flood of new attacks coming on 7 May 2013. As we mentioned on 1 May 2013, publicly announced attacks of this nature can have highly volatile credibility. In some cases, the announcements exist only for the purpose of gaining notoriety. In other cases, they are enhanced by increased publicity. By 4 May 2013, speculation arose that #OpUSA was a trap; this likely caused some potential participants to rethink their plans to join. Posts similar to the one below were made on Twitter, Facebook, and YouTube. Read More »
Tags: #OpUSA, Cisco Security, cybersecurity, DDoS, targeted attacks, TRAC
On April 10, 2013, a collective of politically motivated hacktivists announced a round of planned attacks called #OPUSA. These attacks, slated to begin May 7, 2013, are to be launched against U.S.-based targets. #OPUSA is a follow-up to #OPISRAEL, which were a series of attacks carried out on April 7 against Israeli-based targets. Our goal here is to summarize and inform readers of resources, recommendations, network mitigations, and best practices that are available to prevent, mitigate, respond to, or dilute the effectiveness of these attacks. This blog was a collaborative effort between myself, Kevin Timm, Joseph Karpenko, Panos Kampanakis, and the Cisco TRAC team.
If the attackers follow the same patterns as previously witnessed during the #OPISRAEL attacks, then targets can expect a mixture of attacks. Major components of previous attacks consisted of denial of service attacks and web application exploits, ranging from advanced ad-hoc attempts to simple website defacements. In the past, attackers used such tools as LOIC, HOIC, and Slowloris.
Publicly announced attacks of this nature can have highly volatile credibility. In some cases, the announcements exist only for the purpose of gaining notoriety. In other cases, they are enhanced by increased publicity. Given the lack of specific details about participation or capabilities, the exact severity of the attack can’t be known until it (possibly) happens. Read More »
Tags: advisories, ASA, botnet, botnets, Cisco Security, Cloud Computing, cloud security, data center security, DDoS, exploits, firewall, incident response, IPS, IPS signatures, malware, mitigations, security, targeted attacks, TRAC, vulnerability