Are you having problems with your home internet speed and with surprisingly high internet bills?
Maybe your router is one of the 120,000 used by Australians that is vulnerable to a new type of scam being leveraged by criminals who use them to launch cyber attacks.
The IT security firm Nominum discovered that as many as 24 million routers around the world are affected by a simple configuration issue that hackers can leverage.
The results of these attacks are slower internet speeds and a potential rise in internet bills. The reason is that, through various techniques, small DNS queries are turned into a much larger payload directed at the target network. The attacker composes a DNS request message of approximately 60 bytes to trigger delivery of a response message of approximately 4000 bytes to the target. The resulting amplification factor, approximately 70:1, significantly increases the volume of traffic the target receives, accelerating the rate at which the target's resources will be depleted. This is what is known as a distributed denial-of-service (DDoS) attack using DNS amplification.
Bruce Van Nice, a director at Nominum, says: "People may see that their internet service starts to slow down either because their access connection is congested with traffic or because their home gateway is busy proxying these queries and forwarding huge answers back to a target. But they have no idea that their home router is potentially being bombarded with [these] queries."
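Seen from the router's side, this pattern shows up as small DNS queries arriving from outside the home network and being answered with far larger responses. The following detection sketch is an added example, not part of the original article; the log record layout, LAN range and thresholds are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumption: the gateway's LAN range. DNS queries claiming a source outside
# it mean the router is answering (or proxying) DNS for the whole internet.
LAN = ipaddress.ip_network("192.168.1.0/24")

# Constructed sample records: (claimed source IP, query name, query bytes,
# response bytes). Outside addresses are documentation ranges (RFC 5737).
SAMPLE = [
    ("192.168.1.20", "www.example.com", 61, 93),
    ("192.168.1.20", "mail.example.com", 62, 120),
    ("203.0.113.7", "example.org", 60, 4012),
    ("203.0.113.7", "example.org", 60, 4012),
    ("203.0.113.7", "example.org", 60, 3990),
    ("203.0.113.7", "example.org", 60, 4005),
    ("198.51.100.9", "example.net", 59, 75),
]

def amplification_report(records, lan=LAN, min_factor=10.0, min_queries=3):
    """Return {source_ip: stats} for off-LAN sources whose responses are far
    larger than their queries. With spoofed sources, that IP is the target."""
    totals = defaultdict(lambda: {"queries": 0, "bytes_in": 0, "bytes_out": 0})
    for src, _qname, q_len, r_len in records:
        t = totals[src]
        t["queries"] += 1
        t["bytes_in"] += q_len
        t["bytes_out"] += r_len

    flagged = {}
    for src, t in totals.items():
        if ipaddress.ip_address(src) in lan:
            continue  # ordinary clients on the home network
        factor = t["bytes_out"] / t["bytes_in"]
        if t["queries"] >= min_queries and factor >= min_factor:
            flagged[src] = {**t, "factor": round(factor, 1)}
    return flagged

if __name__ == "__main__":
    for src, stats in amplification_report(SAMPLE).items():
        print(f"{src}: {stats['queries']} queries, "
              f"{stats['bytes_in']} B in, {stats['bytes_out']} B out, "
              f"amplification {stats['factor']}:1")
```

Any flagged entry also means the router is accepting DNS queries on its internet-facing side, which is the configuration issue that makes it usable in these attacks.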
DNS amplification is one of the more popular attack types. It's hard to defend against DDoS attacks. There are actually two separate issues: keeping your network from being attacked by others and hardening your machines so they can't be compromised and used in attacks.
The first step is to protect your own network against being attacked. This is hard to do, since any network is vulnerable to being overloaded by seemingly legitimate traffic. Turning on ingress filtering will help screen out junk packets. In addition, there are a number of settings that you can adjust to harden it against common attacks. Here's what to do:
- Go to Microsoft's security bulletin site. Download all the pertinent patches that you don't already have installed.
- Configure your firewall to block traffic on any port you don't actually need.
- Review the TCP/IP hardening settings described in "Security Considerations for Network Attacks". Apply them to any server that is exposed directly to the Internet.
Unfortunately, protecting your machines against attacks can be difficult because attackers keep changing their modus operandi. It's simpler to prevent your computers from becoming zombies and contributing to the DDoS problem.
For more information on how to protect your machine, visit our website or contact us.