<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Garamond, sans-serif; ">
<div>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px; ">In this issue:</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style="margin: 0px; font-family: Helvetica; ">1. April 3: MIT Police Provides Laptop Tagging</p>
<p style="margin: 0px; font-family: Helvetica; ">2. Tips for Safer Computing Wherever You Are</p>
<p style="margin: 0px; font-family: Helvetica; ">3. Domain Name Server (DNS) Amplification Attacks</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style="margin: 0px; font-family: Helvetica; ">-----------------------------------------------------------</p>
<p style="margin: 0px; font-family: Helvetica; ">1. April 3: MIT Police Provides Laptop Tagging </p>
<p style="margin: 0px; font-family: Helvetica; ">-----------------------------------------------------------</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style="margin: 0px; font-family: Helvetica; "><a href="http://events.mit.edu/event.html?id=14994671&date=2013/4/3">This week</a> the MIT Police is providing laptop STOP tagging and registration. STOP tags are a loss prevention measure and are a visual deterrent
to thieves. </p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style="margin: 0px; font-family: Helvetica; ">Time & Location: </p>
<p style="margin: 0px; font-family: Helvetica; ">12:00 - 1:30 pm on Wednesday, April 3</p>
<p style="margin: 0px; font-family: Helvetica; ">In the Stata Student Street, booth 2.</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style="margin: 0px; font-family: Helvetica; ">Bring your laptop and $10 cash or cost object code. No TechCash, checks or cards are accepted.</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style="margin: 0px; font-family: Helvetica; ">More information on laptop tagging and registration can be found
<a href="http://kb.mit.edu/confluence/display/istcontrib/MIT+Police+Laptop+Tagging+and+Registration">
here</a>.</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style="margin: 0px; font-family: Helvetica; ">--------------------------------------------------------------</p>
<p style="margin: 0px; font-family: Helvetica; ">2. Tips for Safer Computing Wherever You Are</p>
<p style="margin: 0px; font-family: Helvetica; ">--------------------------------------------------------------</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style="margin: 0px; font-family: Helvetica; ">Whether you're at work, home, or traveling, there are a few measures you can take to help keep your data secure. Mike Halsall, of the IT Security Services team at MIT, recommends three basic practices for secure
computing.</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style="margin: 0px; font-family: Helvetica; "><a href="http://ist.mit.edu/news/safer_computing">Read the full article online</a>.</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style="margin: 0px; font-family: Helvetica; ">----------------------------------------------------------------------</p>
<p style="margin: 0px; font-family: Helvetica; ">3. Domain Name Server (DNS) Amplification Attacks</p>
<p style="margin: 0px; font-family: Helvetica; ">----------------------------------------------------------------------</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style="margin: 0px; font-family: Helvetica; ">According to a recent report by <a href="http://www.us-cert.gov">
US-CERT</a>, Domain Name Server (DNS) amplification attacks are on the rise. DNS amplification is a type of distributed denial of service (DDoS) attack that relies on the use of open recursive DNS servers to overwhelm a target system with misdirected DNS response
traffic.</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style="margin: 0px; font-family: Helvetica; ">The basic attack technique is fairly simple. An attacker sends a DNS name lookup request to an open recursive DNS server with the source address spoofed to the DDoS target’s address. When the DNS server sends
the DNS record response, it is sent to the DDoS target and not the original requestor. Leveraging this technique many times over, the attacker is able to amplify the volume of traffic directed at the target. The attacker can leverage a botnet to perform additional
spoofed DNS queries, thus increasing the amount of traffic sent to the target. Because the DNS responses are coming from valid DNS servers, it is extremely difficult for targeted machines and networks to block these types of attacks.</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style="margin: 0px; font-family: Helvetica; ">Network operators and administrators can help by instituting several simple mitigation strategies on their DNS servers. The primary element in the solution is the detection and disabling of open recursive DNS
responses on domain name servers. These systems are typically legitimate DNS machines that have been improperly configured to respond to recursive queries on behalf of any system, rather than restricting recursive responses only to requests from local or authorized
clients. By identifying these systems, an organization or network operator can reduce the likelihood of being leveraged in a DNS amplification attack.</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style="margin: 0px; font-family: Helvetica; ">How? </p>
<p style="margin: 0px; font-family: Helvetica; ">Several organizations offer free, web-based scanning tools that will search a network for vulnerable open DNS resolvers:</p>
<ul>
<li style="margin: 0px; font-family: Helvetica; "><a href="http://openresolverproject.org/">Open DNS Resolver Project</a>
</li><li style="margin: 0px; font-family: Helvetica; "><a href="http://dns.measurement-factory.com/">The Measurement Factory</a>
</li><li style="margin: 0px; font-family: Helvetica; "><a href="http://www.dnsinspect.com/">DNS Inspect</a>
</li></ul>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style="margin: 0px; font-family: Helvetica; ">Additional mitigation and detailed information can be found in the US-CERT Alert on this issue, posted
<a href="http://www.us-cert.gov/ncas/alerts/TA13-088A">here</a>. The recommendation is to disable recursion on authoritative name servers.</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style="margin: 0px; font-family: Helvetica; ">For DNS server administrators at MIT: if you have any questions or need assistance, please contact the IT Security Services team at
<a href="mailto:security@mit.edu">security@mit.edu</a>.</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style="margin: 0px; font-family: Helvetica; "><a href="http://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet">An excellent article</a> was posted on the CloudFlare blog about the DDoS attack that occurred a few weeks ago using misconfigured
DNS servers and is being billed as the "largest DDoS attack ever."</p>
</div>
<div><br>
</div>
<div><span class="Apple-style-span" style="border-collapse: separate; font-family: Calibri; font-size: medium; border-spacing: 0px; "><span class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px; font-family: Helvetica; font-size: 14px; ">
<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">
<span class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px; "><span class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px; "><span class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px; "><span class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px; "><span class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px; "><span class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px; font-size: 12px; ">
<div><br>
</div>
<div>
<p style="margin: 0px; font-size: 14px; font-family: Arial; ">===================================================================================</p>
<p style="margin: 0px; font-size: 14px; font-family: Arial; ">Read all Security FYI Newsletter articles and submit comments online at
<a href="http://securityfyi.wordpress.com/">http://securityfyi.wordpress.com/</a>.</p>
<p style="margin: 0px; font-size: 14px; font-family: Arial; ">===================================================================================</p>
</div>
<div><br>
</div>
<div><br>
</div>
<div>Monique Yeaton</div>
<div>IT Security Communications Consultant</div>
<div>MIT Information Services & Technology (IS&T)</div>
<div>(617) 253-2715</div>
<div>http://ist.mit.edu/security</div>
<div><br class="khtml-block-placeholder">
</div>
<br class="Apple-interchange-newline">
</span></span></span></span></span></span></div>
</span></span></div>
</body>
</html>