[IS&T Security-FYI] SFYI Newsletter, April 1, 2013

Monique Yeaton myeaton at MIT.EDU
Mon Apr 1 14:58:45 EDT 2013


In this issue:


1. April 3: MIT Police Provides Laptop Tagging

2. Tips for Safer Computing Wherever You Are

3. Domain Name Server (DNS) Amplification Attacks



-----------------------------------------------------------

1. April 3: MIT Police Provides Laptop Tagging

-----------------------------------------------------------


This week<http://events.mit.edu/event.html?id=14994671&date=2013/4/3> the MIT Police is providing laptop STOP tagging and registration. STOP tags are a loss prevention measure and are a visual deterrent to thieves.


Time & Location:

12:00 - 1:30 pm on Wednesday, April 3

In the Stata Student Street, booth 2.


Bring your laptop and $10 cash or cost object code. No TechCash, checks or cards are accepted.


More information on laptop tagging and registration can be found here<http://kb.mit.edu/confluence/display/istcontrib/MIT+Police+Laptop+Tagging+and+Registration>.



--------------------------------------------------------------

2. Tips for Safer Computing Wherever You Are

--------------------------------------------------------------


Whether you're at work, home, or traveling, there are a few measures you can take to help keep your data secure. Mike Halsall, of the IT Security Services team at MIT, recommends three basic practices for secure computing.


Read the full article online<http://ist.mit.edu/news/safer_computing>.



----------------------------------------------------------------------

3. Domain Name Server (DNS) Amplification Attacks

----------------------------------------------------------------------


According to a recent report by US-CERT<http://www.us-cert.gov>, Domain Name Server (DNS) amplification attacks are on the rise.  DNS amplification is a type of distributed denial of service (DDoS) attack that relies on the use of open recursive DNS servers to overwhelm a target system with misdirected DNS response traffic.


The basic attack technique is fairly simple.  An attacker sends a DNS name lookup request to an open recursive DNS server with the source address spoofed to the DDoS target’s address. When the DNS server sends the DNS record response, it is sent to the DDoS target and not the original requestor. Leveraging this technique many times over, the attacker is able to amplify the volume of traffic directed at the target. The attacker can leverage a botnet to perform additional spoofed DNS queries, thus increasing the amount of traffic sent to the target. Because the DNS responses are coming from valid DNS servers, it is extremely difficult for targeted machines and networks to block these types of attacks.


Network operators and administrators can help by instituting several simple mitigation strategies on their DNS servers. The primary element in the solution is the detection and disabling of open recursive DNS responses on domain name servers. These systems are typically legitimate DNS machines that have been improperly configured to respond to recursive queries on behalf of any system, rather than restricting recursive responses only to requests from local or authorized clients. By identifying these systems, an organization or network operator can reduce the likelihood of being leveraged in a DNS amplification attack.


How?

Several organizations offer free, web-based scanning tools that will search a network for vulnerable open DNS resolvers:

  *   Open DNS Resolver Project<http://openresolverproject.org/>
  *   The Measurement Factory<http://dns.measurement-factory.com/>
  *   DNS Inspect<http://www.dnsinspect.com/>


Additional mitigation and detailed information can be found in the US-CERT Alert on this issue, posted here<http://www.us-cert.gov/ncas/alerts/TA13-088A>. The recommendation is to disable recursion on authoritative name servers.
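To check a name server you operate for the misconfiguration described above, this added example (not from the newsletter or the US-CERT alert) builds a recursion-desired query and classifies the reply by its header flags. The `probe` helper, the verdict labels and the sample responses for `example.com` are assumptions constructed for illustration.

```python
import socket
import struct

RD, RA, AA = 0x0100, 0x0080, 0x0400   # DNS header flag bits

def build_query(name, qtype=1, txid=0x1234):
    """Encode a query for `name` (qtype 1 = A) with recursion desired."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.strip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def classify(response):
    """Return (verdict, rcode, answer_count) for a raw DNS response."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    rcode = flags & 0x000F
    if flags & AA:
        verdict = "authoritative"   # answered from its own zone: test another name
    elif flags & RA and rcode == 0 and ancount > 0:
        verdict = "open"            # recursed on our behalf and returned data
    elif flags & RA:
        verdict = "advertised"      # RA set but no data: review the ACLs
    else:
        verdict = "closed"          # e.g. REFUSED (rcode 5) with RA clear
    return verdict, rcode, ancount

def probe(server, name, timeout=3.0):
    """Query a server you operate from outside its authorized client ranges."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        response, _ = s.recvfrom(4096)
    # Second value is the response/query size ratio (amplification factor).
    return classify(response), len(response) / len(query)

# Constructed sample responses (not captured traffic) for example.com / A.
_Q = build_query("example.com")[12:]
_ANSWER = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
SAMPLE_OPEN = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + _Q + _ANSWER
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0) + _Q

if __name__ == "__main__":
    for label, raw in (("open", SAMPLE_OPEN), ("refused", SAMPLE_REFUSED)):
        print(label, classify(raw))
```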


For DNS server administrators at MIT: if you have any questions or need assistance, please contact the IT Security Services team at security at mit.edu<mailto:security at mit.edu>.


An excellent article<http://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet> on the CloudFlare blog covers the DDoS attack that occurred a few weeks ago using misconfigured DNS servers; the attack is being billed as the "largest DDoS attack ever."



===================================================================================

Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.

===================================================================================


Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security

