Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
DNS Security |
Sponsored by |
|
Here we are with CircleID's annual roundup of top ten most popular posts featured during 2013 (based on overall readership). Congratulations to all the participants whose posts reached top readership and best wishes to the entire community for 2014. more
This year, 2013, I got 24 days of IPv6 and DNSSEC measurements. All in all it created 15GB logs with more than 62 million rows. On the 21st of December, early in the morning, the goat was "traditionally" burnt down, however this year with one exception. Via the Swedish newspaper Expressen the arsonists anonymously took the blame and also filmed their own act. more
The 1st Latin American & Caribbean DNS Forum was held on 15 November 2013, before the start of the ICANN Buenos Aires meeting. Coordinated by many of the region's leading technological development and capacity building organizations, the day long event explored the opportunities and challenges for Latin America brought on by changes in the Internet landscape, including the introduction of new gTLDs such as .LAT, .NGO and others. more
DNS tunneling -- the ability to encode the data of other programs or protocols in DNS queries and responses -- has been a concern since the late 1990s. If you don't follow DNS closely, however, DNS tunneling likely isn't an issue you would be familiar with. Originally, DNS tunneling was designed simply to bypass the captive portals of Wi-Fi providers, but as with many things on the Web it can be used for nefarious purposes. For many organizations, tunneling isn't even a known suspect and therefore a significant security risk. more
Previous posts (Part 1 and Part 2) offer background on DNS amplification attacks being observed around the world. These attacks continue to evolve. Early attacks focused on authoritative servers using "ANY" queries for domains that were well known to offer good amplification. Response Rate Limiting (RRL) was developed to respond to these early attacks. RRL, as the name suggests, is deployed on authoritative servers to rate limit responses to target names. more
There are some real problems in DNS, related to the general absence of Source Address Validation (SAV) on many networks connected to the Internet. The core of the Internet is aware of destinations but blind to sources. If an attacker on ISP A wants to forge the source IP address of someone at University B when transmitting a packet toward Company C, that packet is likely be delivered complete and intact, including its forged IP source address. Many otherwise sensible people spend a lot of time and airline miles trying to improve this situation... The problems created for the Domain Name System (DNS) by the general lack of SAV are simply hellish. more
Geoff Huston's recent post about the rise of DNS amplification attacks offers excellent perspective on the issue. Major incidents like the Spamhaus attack Geoff mentions at the beginning of his post make headlines, but even small attacks create noticeable floods of traffic. These attacks are easy to launch and effective even with relatively modest resources and we see evidence they're occurring regularly. Although DNS servers are not usually the target of these attacks the increase in traffic and larger response sizes typically stress DNS infrastructure and require attention from operation teams. more
"The General Services Administration is analyzing what caused an outage of .gov websites for a few hours Wednesday morning," reports Federal Times. Officials said the problem involved so-called DNSSEC cybersecurity measures that affected access to certain .gov sites, according to GSA spokeswoman Mafara Hobson. more
Respected ICANN Chairman of the Board Steve Crocker has wrapped up his organisation's 47th International Meeting, held in Durban last week, with a message to the community. This message, reproduced here in its entirety, provides both a useful and concise summary of the Durban meeting and insights into the Chairman's view of where ICANN stands at the moment, the successes it has notched up and the challenges it faces. more
For some time now we've been tracking the progress of the deployment of DNSSEC in the Internet. Its been a story of an evolution of the measurement technique... In the process we've learned perhaps more than we had wanted to about the behaviour of Flash engines, Apache web servers and FreeBSD system tuning, and also learned much more than we had anticipated about the finer details of Google's online ad presentation behaviour. But one thing we did not see in all of this was any large scale jumps in the level of client use of DNSSEC validation over this period at the start of the year. more
The Internet Society today announced it has signed a Memorandum of Understanding with Shinkuro and Parsons to collaborate on multiple initiatives to promote the global deployment of Domain Name System Security Extensions (DNSSEC). more
The first Africa DNS Forum will take place on Friday, July 12, and Saturday, July 13, 2013, in Durban, South Africa, in advance of next week's ICANN 47 meeting. Jointly organized by AfTLD, ICANN and the Internet Society, the Africa DNS Forum "aims to establish a platform for the DNS community across Africa and to advance the domain name industry and domain name registrations on the continent." more
Since last fall, several waves of distributed denial of service (DDoS) attacks have targeted major players in the U.S. banking industry. JPMorgan Chase, Wells Fargo and PNC were among the first to sustain intermittent damage. Eventually, the top 50 institutions found themselves in the crosshairs... In the months to come, security experts would praise the banks' collective response, from heightened DDoS protection to candid customer communications.. these larger institutions have learned some painful lessons that smaller firms might heed as they seek to minimize risks. more
For nearly all communications on today's Internet, domain names play a crucial role in providing stable navigation anchors for accessing information in a predictable and safe manner, irrespective of where you're located or the type of device or network connection you're using. Over the past 15 years hundreds of millions of domain names have been added to the Internet's Domain Name System (DNS), and well over two billion (that's Billion!) new users, some ~34 percent of the global population, have become connected. more
It would be one of the ironies of global technology development that the West has effectively so far followed a Jugaad principle of "good enough" innovation for DNS security, whereas India could well embrace all the latest advances in DNS security as its Internet economy grows. Like most other protocols from the early Internet, the DNS protocol was not designed with security built in. For those protocols, security services were typically either implemented at a different layer of the protocol stack, or were added on later. more
A World-Renowned Source for Internet Developments. Serving Since 2002.
