Cisco Blogs


Cisco Blog > Security

When Network Clocks Attack

TRACIn October 2013, Cisco TRAC discussed Network Time Protocol (NTP) as a possible vector for amplified distributed denial of service (DDoS) attacks. Litnet CERT has since revealed that their NTP servers were used in a denial of service (DoS) attack. Symantec also published information regarding an NTP amplification-based DDoS attack that occurred in December 2013. On December 7, 2013, a hackforums.net user posted an NTP amplification DDoS script to Pastebin. The NTP DDoS script is heavily obfuscated Perl, though the plain text at the top credits the “leaking” of the script to an individual who goes by the handle Starfall. Brian Krebs also mentioned someone going by the name Starfall as a paying user of booter.tw. They may be the same person.

Decoding the obfuscated Perl yields some interesting insights. For example, this code near the top of the script has nothing to do with the NTP DDoS functionality:

ntpddos
The code above downloads a program called spoof.pl from IP 84.33.192.46, then runs and erases that program while writing the text “j00 g0t 0wn3d s0n” into a hidden file. Unfortunately, we were unable to obtain a copy of the spoof.pl script, but the ominous “j00 g0t 0wn3d s0n” text indicates the purpose of the program was likely to compromise the machine of anyone who was running the obfuscated NTP DDoS script. Is there no honor among hackers?
Read More »

Tags: , , , ,

Securing the Internet of Everything: An Architectural View

As a follow up to my introductory blog on Securing the Internet of Everything, I would like to discuss further the security implications that will comprise proposed framework. As the applications of the IoT/M2M affect our daily lives, whether it is in the Industrial Control, Transportation, Smartgrid or Healthcare, it becomes imperative to ensure a secure IoT/M2M system. As the use of IP networks are employed, IoT/M2M applications have already become a target for attacks that will continue to grow in both quantity and sophistication. Both the scale and context of the IoT/M2M make it a compelling target for those who would do harm to companies, organizations, nations, and people.

The targets are abundant and cover many different industry segments. The potential impact spans from minor irritant to grave and significant damage and loss of life. The threats in this environment can be similarly categorized as those in the traditional IT environments. It’s useful to consider general platform architecture when discussing IoT security challenges. Below is the platform architecture that uses to frame IoT/M2M discussions.

While many existing security technologies and solutions can be leveraged across this architecture, perhaps especially across the Core and Data Center Cloud layers, there are unique challenges for the IoT. The nature of the endpoints and the sheer scale of aggregation in the data center require special attention.

The architecture is composed of four similar layers to those described in general network architectures. The first layer of the IoT/M2M architecture is comprised of Read More »

Tags: , , , , , , , , , , , ,

Protecting Our Networks: It’s a Team Game Now!

January 3, 2013 at 12:31 pm PST

I have been coaching youth sports for the past seven plus years now and one of my common mantras when speaking to the girls and boys each season is that “we will win as a team and lose as a team.”  In other words, I will never tolerate one player acting selfishly enough to think he or she is above everyone else on the team.  I strive to instill the objective that we will collectively pool our talents for the betterment of the team.  We use this approach because each boy and girl, believe it or not, brings with himself or herself a unique set of abilities and strengths with which the entire team will benefit.

So why should you care about my coaching philosophies?  :-)  Read More »

Tags: , , , , ,

A New Twist on Denial of Service: DDoS as a Service

At Cisco, we are fortunate to be at the vanguard of many exciting developments in networking and IT technology. Borderless Networks — where we connect anyone, anywhere, any device, and enable voice, video, and data — is a prime example. Enabling secure access to the cloud, powering SaaS for the enterprise, and helping IT successfully cope with the consumerization of enterprise IT are core elements of this effort.

Trends can sometimes run in surprising directions. While the white hat side of the house is enabling services and applications (Salesforce.com), and even core IT functions such as email and office productivity (Google Docs) are available in hosted or web delivered forms, the black hat side of the house is also not letting technology pass them by. For instance, take IMDDOS, a Chinese company with a name that should perhaps be read “I’m DDoS.”

Read More »

Tags: , ,