Neustar Research: DNSSEC Reflection Severe DDoS Risk
Neustar, Inc. (NYSE: NSR), a trusted, neutral provider of real-time information services, today published “DNSSEC: How Savvy DDoS Attackers Are Using Our Defenses Against Us,” a research report that details how Domain Name System Security Extensions (DNSSEC) can be subverted as an amplifier in Distributed-Denial-of-Service (DDoS) attacks. Neustar determined that on average, DNSSEC reflection can transform an 80-byte query into a 2,313-byte response, an amplification factor of nearly 30 times, which can easily cause a network service outage during a DDoS attack, resulting in lost revenue and data breaches.
“DNSSEC emerged as a tool to combat DNS hijacking, but unfortunately, hackers have realized that the complexity of these signatures makes them ideal for overwhelming networks in a DDoS attack,” said Joe Loveless, Director Product Marketing, Security Services, Neustar. “If DNSSEC is not properly secured, it can be exploited, weaponized and ultimately used to create massive DDoS attacks.”
DNSSEC was designed to provide integrity and authentication to DNS, which it accomplishes with complex digital signatures and key exchanges. As a result, when a DNS record is transferred to DNSSEC, an extraordinary amount of additional information is created. Additionally, when issuing the DNS command, “ANY,” the amplified response from DNSSEC is exponentially larger than a normal DNS reply.
Key findings and recommendations from “DNSSEC: How Savvy DDoS Attackers Are Using Our Defenses Against Us” include:
- DNSSEC Vulnerabilities Are Prolific – Neustar examined one industry with 1,349 domains and determined 1,084 of them (80 percent) could be maliciously repurposed as a DDoS attack amplifier (they were signed with DNSSEC and responded to the “ANY” command).
- The Average DNSSEC Amplification Factor is 28.9 – Neustar tested DNSSEC vulnerabilities with an 80-byte query, which returned an average response of 2,313 bytes. The largest amplification response was 17,377 bytes, 217 times greater than the 80-byte query.
- The Anatomy of a DNSSEC Reflection Attack – Neustar illustrates the command and control servers required to run the botnets and scripts that target DNS name servers to execute DNSSEC amplification attacks.
- Best Practices for Mitigation – For organizations that rely on DNSSEC, Neustar recommends ensuring that your DNS provider does not respond to “ANY” queries or has a mechanism in place to identify and prevent misuse.
“Neustar is focused on using connected sciences to connect people, places and things, which is why network security is so imperative,” said Loveless. “As more organizations adopt DNSSEC, it is critically important to understand how to secure it. The time to fix it is now.”
For more information about “DNSSEC: How Savvy DDoS Attackers Are Using Our Defenses Against Us” please visit https://hello.neustar.biz/201608---Security-Services---Trade-Show---Black-Hat_DNSSEC-LP.html.
Every day, the world generates roughly 2.5 quadrillion bits of data. Neustar (NYSE: NSR) isolates certain elements and analyzes, simplifies and edits them to make precise and valuable decisions that drive results. As one of the few companies capable of knowing with certainty who is on the other end of every interaction, we’re trusted by the world’s great brands to make critical decisions some 20 billion times a day. We help marketers send timely and relevant messages to the right people. Because we can authoritatively tell a client exactly who is calling or connecting with them, we make critical real-time responses possible. And the same comprehensive information that enables our clients to direct and manage orders also stops attackers. We know when someone isn’t who they claim to be, which helps stop fraud and denial of service before they’re a problem. Because we’re also an experienced manager of some of the world’s most complex databases, we help clients control their online identity, registering and protecting their domain name, and routing traffic to the correct network address. By linking the most essential information with the people who depend on it, we provide more than 12,000 clients worldwide with decisions—not just data. More information is available at http://www.neustar.biz
About Business Wire
(c) 2018 Business Wire, Inc., All rights reserved.
Business Wire, a Berkshire Hathaway company, is the global leader in multiplatform press release distribution.