More than 24 Million Routers Expose ISPs to DDoS Attacks

Home routers are riding a wave of popularity because people have many devices to connect at home and most of them use WiFi. Attackers aim to generate as much traffic as possible so that the network chokes and becomes inaccessible to its users. According to Nominum, there has been a significant increase in the number of DNS-based DDoS amplification attacks on home routers.

Tens of millions of routers (24 million) expose ISPs to DNS-based DDoS because of open DNS proxies.

More than 5.3 million of these routers were used just in February 2014 for amplification attacks.

DNS is the most popular and easiest method for amplification attacks.

Attackers are constantly registering new domains just for amplification attacks.

The attacks hurt ISPs in many ways: they choke the bandwidth of the network; support costs increase as customers call in large numbers; the ISPs need to spend more money to retain their customers and upgrade their defenses; and the reputation of the ISP suffers.

New best practices are needed:

  • Fine-grained rate limiting.
  • Dynamic threat lists to eliminate queries to “purpose built” domains.
  • Logging of DNS data for forensics and reporting.
  • “Always on” display of key DNS data.
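The following sketch replays three of the practices listed above (a threat-list check, rate limiting per client and domain, and amplification reporting from logged DNS data) over a small query log. It is an added example, not Nominum's code; the log records, domain names, threat list and thresholds are all constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample log: (time_s, client_ip, qname, qtype, query_bytes, response_bytes)
SAMPLE_LOG = [
    (0.00, "192.0.2.10", "www.example.com", "A", 33, 49),
    (0.10, "198.51.100.7", "a1.amp-test.example", "ANY", 36, 3100),
    (0.20, "198.51.100.7", "a2.amp-test.example", "ANY", 36, 3100),
    (0.30, "198.51.100.7", "a3.amp-test.example", "ANY", 36, 3100),
    (0.40, "198.51.100.7", "a4.amp-test.example", "ANY", 36, 3100),
    (0.50, "203.0.113.5", "x.blocked.example", "TXT", 35, 2800),
    (5.00, "198.51.100.7", "a5.amp-test.example", "ANY", 36, 3100),
]
THREAT_LIST = {"blocked.example"}  # hypothetical feed of "purpose built" domains


def base_domain(qname):
    """Last two labels; a real deployment would use the Public Suffix List."""
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])


def replay_policy(log, threat_list, limit=3, window=1.0):
    """Return (decisions, stats): one decision per query, per-domain byte totals."""
    recent = defaultdict(deque)          # (client, domain) -> times of allowed queries
    stats = defaultdict(lambda: [0, 0])  # domain -> [query_bytes, response_bytes]
    decisions = []
    for ts, client, qname, _qtype, qbytes, rbytes in log:
        domain = base_domain(qname)
        stats[domain][0] += qbytes       # sizes as observed in the log
        stats[domain][1] += rbytes
        if domain in threat_list:
            decisions.append("drop:threat-list")
            continue
        bucket = recent[(client, domain)]
        while bucket and ts - bucket[0] >= window:
            bucket.popleft()             # forget queries outside the window
        if len(bucket) >= limit:
            decisions.append("drop:rate-limit")
            continue
        bucket.append(ts)
        decisions.append("allow")
    return decisions, dict(stats)


def amplification_report(stats):
    """Response/query byte ratio per domain, highest first (for forensics)."""
    ratios = {d: round(r / q, 1) for d, (q, r) in stats.items()}
    return sorted(ratios.items(), key=lambda kv: kv[1], reverse=True)
```

Keying the limiter on the base domain rather than the full query name means randomized subdomains of one attack domain still count against the same budget.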

Nominum suggests its recently launched Vantio ThreatAvert to protect ISPs by maintaining an up-to-date database of malicious domains, called Nominum’s Global Intelligence Xchange (GIX), and through Precision Policies, which help identify and thus protect against the attack traffic.

“ISPs today need more effective protections built-in to DNS servers. Modern DNS servers can precisely target attack traffic without impacting any legitimate DNS traffic. ThreatAvert combined with ‘best in class’ GIX portfolio overcomes gaps in DDoS defenses, enabling ISPs to constantly adapt as attackers change their exploits, and precision policies surgically remove malicious traffic,” said Sanjay Kapoor, CMO and SVP of Strategy, Nominum.

 
