BlueSecurity Fall-Out Reveals Larger Problem
mdrebelx writes "For anyone following the BlueSecurity story, sadly the anti-spam crusader has raised the white flag. Brian Krebs with the Washington Post is reporting that after BlueSecurity's announcement, Prolexic and UltraDNS, which were both linked with BlueSecurity through business relations came under a DNS amplification attack that brought down thousands of sites.
While much of the focus about the BlueSecurity story has been centered on the question of what can be done about spam, I think a bigger question has been raised - is the Internet really that fragile? What has been going on is essentially cyber-terrorism and from what has been reported so far the terrorists clearly have the upper hand."
Re:Yes, the internet is that fragile (Score:4, Informative)
Any tool improperly used can possibly cause problems.
This is a proper way to secure a BIND nameserver.
An example would be adding an acl section to your BIND named.conf and adding to the options section:
// Networks allowed to query this server at all (the third entry is a placeholder).
acl "trusted_queries" { 127.0.0.1; 192.168.1.0/24; some.ip.network.outthere/8; };
// Networks allowed to use this server as a recursive resolver.
acl "trusted_recursion" { 127.0.0.1; 192.168.1.0/24; some.ip.network.outthere/8; };

options {
    allow-query { "trusted_queries"; };
    allow-recursion { "trusted_recursion"; };
    version "no version";
};

// Zones this server is authoritative for may be answered to anyone;
// the zone-level allow-query overrides the global one.
zone "some.zone.com" IN {
    type master;
    file "pri/some.zone.com.zone";
    allow-query { any; };
};
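As an added example (not from the post above or from BIND itself), here is a small audit script that applies the same trusted_recursion idea to BIND query-log lines: it flags recursion-desired and ANY queries from clients outside the ACL, the traffic pattern an open resolver contributes to a DNS amplification attack. The log lines and the 203.0.113.0/24 prefix are constructed; the ACL mirrors the named.conf in the post.

```python
import ipaddress
import re

# Constructed ACL mirroring the "trusted_recursion" acl above; the post's
# placeholder network is replaced here with a documentation prefix.
TRUSTED_RECURSION = [
    ipaddress.ip_network(n) for n in ("127.0.0.1/32", "192.168.1.0/24", "203.0.113.0/24")
]

# BIND query-log line: client [@0x...] <ip>#<port>: query: <name> <class> <type> <flags> ...
# In the flags field a leading '+' means recursion desired (RD set), '-' means it was not.
LOG_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+: query: "
    r"(?P<name>\S+) IN (?P<qtype>\S+) (?P<flags>\S+)"
)


def is_trusted(ip: str) -> bool:
    """True if the client address falls inside the trusted_recursion ACL."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_RECURSION)


def audit_line(line: str) -> list:
    """Return findings for one query-log line (empty list if nothing is suspicious)."""
    m = LOG_RE.search(line)
    if not m:
        return []
    ip, name, qtype, flags = m.group("ip", "name", "qtype", "flags")
    findings = []
    if flags.startswith("+") and not is_trusted(ip):
        findings.append(f"recursion requested by untrusted client {ip} for {name}")
    if qtype == "ANY" and not is_trusted(ip):
        findings.append(f"ANY query (large-answer type) from untrusted client {ip} for {name}")
    return findings


def audit(lines) -> list:
    """Run audit_line over every line and collect the findings."""
    return [f for line in lines for f in audit_line(line)]


# Constructed sample log: one trusted lookup, one untrusted recursive ANY query,
# one non-recursive query for a zone we are authoritative for, one trusted MX lookup.
SAMPLE_LOG = [
    "client 192.168.1.20#51234: query: www.example.com IN A + (192.168.1.1)",
    "client 198.51.100.7#4000: query: isc.org IN ANY + (192.168.1.1)",
    "client 198.51.100.7#4001: query: some.zone.com IN A - (192.168.1.1)",
    "client 203.0.113.5#3322: query: example.net IN MX + (192.168.1.1)",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Only the second sample line produces findings (two of them); the third is an authoritative lookup without RD and passes, which is exactly the split the zone-level allow-query { any; } is meant to permit.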
Re:To get in front.. (Score:4, Informative)
Really? I looked around and can find no links through Google for malicious zombie downloads on Linux that will run on all flavors. Please post the link to one or a link to an article that dissects one.
I'm not making the argument that Linux can't be hacked - it can and I've seen the results of root kits. How many Linux zombies are there? Is it proportional to the number of Linux vs. Windows machines? (Assuming Linux desktops and servers total 2% of desktops, 2% of spam zombies should be Linux, right? Where are the 4% of OSX zombies?)
It's about time to come up with a new type of server based messaging.
For every lock, there is a new way to pick it. For every type of security, there is a new way to hack it. This is a band-aid. The real problem is the fact that there is money to be made from this.
warning: botnet operators 0wn the interweb! (Score:5, Informative)
I hope someone does something to deal with the botnet threats. Being able to suck multiple gigabits of bandwidth means 'they' can kill any small to medium sized internet operation if they want to via a range of attacks from the simple to the rather sophisticated.
Tier1 ISPs usually don't care other than possibly to try and filter all your traffic to prevent their other customers from suffering.
Some medium/larger sized companies use services like Akamai SiteShield that are capable of sustaining a reasonable DDoS-ing, but the botnet operators will eventually realise that the attacks are not just about knocking a site offline. Akamai will charge you for that traffic, which will send the companies bankrupt anyway (and possibly quicker than going offline). In fact I was wondering how on earth BlueSecurity were going to pay their bandwidth bill.
The defences we have against such attacks are pathetic. I was amused in an episode of 24 when they came under an online attack from terrorists and their new "CISCO FIREWALL" protects them; I mean seriously, the firewalls are the least of your problems these days. If you come under attack from one of these serious Russian dudes, you'd be looking at trying to filter the traffic well before it reaches the firewalls, since your line and network would be saturated.
Re:interesting question about fragile (Score:5, Informative)
Traditionally yes, this might be "economic terrorism"(tm). According to the Dept. of Defense, terrorism is "the unlawful use of -- or threatened use of -- force or violence against individuals or property to coerce or intimidate governments or societies, often to achieve political, religious, or ideological objectives." This would seem to apply here.
Re:The internet is not fragile, its abused (Score:2, Informative)
We already do. They are referred to as Nematodes. The primary paper on them is available online: http://www.blackhat.com/presentations/bh-federal-
I maintain some of these for my internal network. Difficult to code, but when you get it (and I haven't yet, I have just coded some well) they are awesome for security.
Also handy to do automatic analysis of open ports, and alerting etc. The world is your oyster, and these help prevent people stealing your pearl.
Re:Interesting how things change (Score:3, Informative)
Myth. See the entry on Paul Baran here [ibiblio.org]
Re:What isn't prohibited, is required. (Score:2, Informative)
Eran Reshef is the CEO of Blue Security, according to the article: "Earlier this week, Blue Security's CEO, Eran Reshef, said a Russian spammer operating under the name PharmaMaster orchestrated a string of attacks this week that disabled its site and sent threatening messages to its users."
PharmaMaster is not Eran Reshef.
Just in case someone decides to harass him....
Re:interesting question about fragile (Score:4, Informative)
Don't rely on your ISP's DNS.
Lots of times my ISP's DNS has gone down and OpenNIC has saved the day. Of course, they can go down too, but usually ONE of the two works.
Re:Interesting how things change (Score:4, Informative)
Do we really depend so much on the internet?
Yes! Last holiday season, over 10% of purchases made using Visa were online (Source [visa.com] - PDF). If you are familiar with trends, 10% is critical mass, the point at which a concept takes off. The Internet is very much an entrenched part of the first-world economy.
Re:reincarnation? (Score:3, Informative)
http://www.greebo.net/?p=339 [greebo.net]
Re:motivation (Score:3, Informative)
Title III of the Electronic Communications Privacy Act -- also known as the Pen Register Act.
The Pen Register Act requires that law enforcement obtain a court order from a judge before using a pen register or trap and trace device for surveillance.
The terms "pen register or trap and trace device" refer to a device which records or decodes dialing, routing, addressing or signaling information transmitted by an instrument or facility from which a wire or electronic communication is transmitted.
Re:weakest link (Score:3, Informative)
I didn't read that in the article, so how do you know? Besides, last time I checked UltraDNS uses non-BIND name server software.
Re:Terrorism too strong a word (Score:2, Informative)
http://www.google.com/search?q=define%3AState+Spo
Terrorism is defined by the U.S. Department of Defense as "the unlawful use of -- or threatened use of -- force or violence against individuals or property to coerce or intimidate governments or societies, often to achieve political, religious, or ideological objectives."
The criteria of unlawfulness would generally rule out the prospect of terrorism being practiced by a government as it is the government that makes the laws. It may be practiced by individuals or groups within the government, if their actions are unlawful. Likewise you may believe that the laws enacted by your government are immoral or "evil"; however it does not fit the definition of terrorism. A government's actions may fit the definition of state terrorism or state-sponsored terrorism which as stated by the OP are separate concepts.
Perhaps you want to define terrorism differently; in any case if you want to have a dialogue about something, you first have to clearly agree on the definitions of the words you're going to use, and use the correct words to describe what you're talking about.
Re:interesting question about fragile (Score:3, Informative)
The functionality you describe is that of a very simple caching DNS server, so - yes.