Academic institutions urged to improve network and DNS configurations
Posted on 10 May 2013.
The Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) has issued an alert to IT security staff, and network and DNS administrators urging them to improve their network and DNS configurations to prevent their institution from being an unwitting partner in DoS attacks.

"These attacks may exploit thousands of institutional DNS servers to create an avalanche of network traffic aimed at a third-party victim. The traffic sourced by any single institutional system may be small enough to go unnoticed at the institution; however, the aggregate experienced at the target can be crippling," writes Doug Pearson, Technical Director at REN-ISAC.

"A recent attack generated over 300 gigabits per second of traffic aimed at the victim organization. To put that in context, most universities and organizations connect to the Internet at 1 Gbps or less. In this incident not only was the intended victim crippled, Internet service providers and security service providers attempting to mitigate the attack were adversely affected. Given history and the success of recent attacks, we expect that attacks will rise in frequency and magnitude in the months ahead."

The alert includes a series of recommended steps for the administrators to take, as well as a number of related good practices.

"Open recursive resolvers, authoritative DNS severs (especially when zones are DNSSEC signed), and networks that do not prevent source address spoofing create an environment on the Internet where DNS amplification DDoS attacks of great magnitude can be achieved," he pointed out.

"Too many higher education institutions contribute to this known and avoidable problem."


Pen-testing drone searches for unsecured devices

You're sitting in an office, and you send a print job to the main office printer. You see or hear a drone flying outside your window. Next thing you know, the printer buzzes to life and, after spitting out your print job, it continues to work and presents you with more filled pages than you expected.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Oct 9th