Re: DNS DDoS amplification attacks
Posted: 5 Jun 2013 at 11:07
But perhaps the only problem on the device in question is updating the software. The reason for that could then also be the hardware.
thnxNoName wrote: If anyone would like to read a bit more about these types of attacks, read http://securitytnt.com/dns-amplification-attack/ (approx. 5 minutes), the video https://www.youtube.com/watch?v=xR_lHN8wKHA (DNS amplification starts at 6:20 and lasts about a minute), and for those who want to know everything and more, I recommend the video at https://www.youtube.com/watch?v=-mBzpMeiqec (it starts somewhere around 14:00 and lasts at least about half an hour).
The script for testing open DNS resolvers is located at http://www.rula.net/dnscheck.php
Code:
09/23/13 15:27:11 Potentially Bad Traffic 199.168.99.130 - 89.XXX.XXX.XXX 53 1:2016016
ET CURRENT_EVENTS DNS Amplification Attack Inbound
Code:
1-Oct-2013 01:30:44.891 queries: info: client 60.214.139.196#51060: view external: query: 30259.info IN ANY +E
11-Oct-2013 01:30:44.958 queries: info: client 183.61.241.32#65212: view external: query: 30259.info IN ANY +E
11-Oct-2013 01:30:45.022 queries: info: client 183.61.241.32#33188: view external: query: 30259.info IN ANY +E
11-Oct-2013 01:30:45.302 queries: info: client 183.61.241.32#15652: view external: query: 30259.info IN ANY +E
11-Oct-2013 01:30:45.304 queries: info: client 183.61.241.32#57404: view external: query: 30259.info IN ANY +E
11-Oct-2013 01:30:45.342 queries: info: client 183.61.241.32#57460: view external: query: 30259.info IN ANY +E
11-Oct-2013 01:30:45.501 queries: info: client 183.60.135.135#63468: view external: query: 30259.info IN ANY +E
11-Oct-2013 01:30:45.556 queries: info: client 60.214.139.196#10988: view external: query: 30259.info IN ANY +E
11-Oct-2013 01:30:45.717 queries: info: client 183.61.241.32#6963: view external: query: 30259.info IN ANY +E
11-Oct-2013 01:30:45.814 queries: info: client 183.61.241.32#6547: view external: query: 30259.info IN ANY +E
11-Oct-2013 01:30:45.871 queries: info: client 60.214.139.194#15621: view external: query: 30259.info IN ANY +E
11-Oct-2013 01:30:45.914 queries: info: client 183.61.241.32#45717: view external: query: 30259.info IN ANY +E
11-Oct-2013 01:30:45.930 queries: info: client 60.214.139.198#46501: view external: query: 30259.info IN ANY +E
11-Oct-2013 01:30:45.975 queries: info: client 183.61.241.32#50643: view external: query: 30259.info IN ANY +E
11-Oct-2013 01:30:46.051 queries: info: client 183.61.241.32#52149: view external: query: 30259.info IN ANY +E
11-Oct-2013 01:30:46.081 queries: info: client 183.61.241.32#25685: view external: query: 30259.info IN ANY +E
11-Oct-2013 01:30:46.212 queries: info: client 183.60.135.135#24101: view external: query: 30259.info IN ANY +E
11-Oct-2013 01:30:46.549 queries: info: client 183.60.135.7#5701: view external: query: 30259.info IN ANY +E
11-Oct-2013 01:30:46.605 queries: info: client 60.214.139.194#47189: view external: query: 30259.info IN ANY +E
11-Oct-2013 01:30:46.607 queries: info: client 183.61.241.32#19306: view external: query: 30259.info IN ANY +E
11-Oct-2013 01:30:46.720 queries: info: client 183.61.241.32#22246: view external: query: 30259.info IN ANY +E
11-Oct-2013 01:30:46.810 queries: info: client 183.61.241.32#41619: view external: query: 30259.info IN ANY +E
11-Oct-2013 01:30:46.867 queries: info: client 183.61.241.32#1610: view external: query: 30259.info IN ANY +E
11-Oct-2013 01:30:47.019 queries: info: client 60.214.139.196#63962: view external: query: 30259.info IN ANY +E
11-Oct-2013 01:30:47.237 queries: info: client 183.61.241.32#10922: view external: query: 30259.info IN ANY +E
11-Oct-2013 01:30:47.296 queries: info: client 183.61.241.32#27594: view external: query: 30259.info IN ANY +E
11-Oct-2013 01:30:47.296 queries: info: client 183.61.241.32#8646: view external: query: 30259.info IN ANY +E
11-Oct-2013 01:30:47.328 queries: info: client 60.214.139.194#43286: view external: query: 30259.info IN ANY +E
:
Code:
ASN: AS45899 VNPT Corp
ASN: AS7552 Viettel Corporation
ASN: AS24086 Viettel Corporation
ASN: AS18403 The Corporation for Financing & Promoting Technology
ASN: AS45543 SaiGon Tourist cable Televition Company
ASN: AS17816 China Unicom IP network China169 Guangdong province
ASN: AS10066 CJ-CABLENET
ASN: AS35104 AS JSC KazTransCom
ASN: AS4713 NTT Communications Corporation
ASN: AS39501 Neda Gostar Saba Data Transfer Company Private Joint
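
Added example, not part of the original thread: a small Python pass over BIND query-log lines in the layout posted above that flags names hit by bursts of `ANY` queries, the pattern visible in the excerpt. The 5-second window, the threshold of 5 and all sample lines are constructed assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Layout of a BIND "queries" log line as it appears in the excerpt above.
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) queries: info: "
    r"client (?P<ip>[0-9A-Fa-f.:]+)#\d+: (?:view \S+: )?"
    r"query: (?P<qname>\S+) \S+ (?P<qtype>\S+)")

def parse(line):
    """Return (timestamp, client_ip, qname, qtype), or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S.%f")
    return ts, m["ip"], m["qname"].lower(), m["qtype"].upper()

def find_any_bursts(lines, window=timedelta(seconds=5), threshold=5):
    """Flag names whose ANY queries reach `threshold` inside one sliding window."""
    by_name = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        if rec[3] == "ANY":
            by_name[rec[2]].append(rec)
    flagged = {}
    for qname, recs in by_name.items():
        recs.sort()
        start = peak = 0
        for end, rec in enumerate(recs):
            while rec[0] - recs[start][0] > window:
                start += 1  # drop queries that fell out of the window
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            # UDP source addresses can be spoofed, so this is a tally, not attribution.
            flagged[qname] = {"peak": peak, "clients": Counter(r[1] for r in recs)}
    return flagged

# Constructed sample (documentation addresses and names), not data from the thread.
SAMPLE = """\
11-Oct-2013 01:30:44.958 queries: info: client 192.0.2.10#65212: view external: query: flood.example IN ANY +E
11-Oct-2013 01:30:45.022 queries: info: client 192.0.2.10#33188: view external: query: flood.example IN ANY +E
11-Oct-2013 01:30:45.302 queries: info: client 198.51.100.7#15652: view external: query: flood.example IN ANY +E
11-Oct-2013 01:30:45.304 queries: info: client 192.0.2.10#57404: view external: query: FLOOD.example IN ANY +E
11-Oct-2013 01:30:45.501 queries: info: client 198.51.100.7#63468: view external: query: flood.example IN ANY +E
11-Oct-2013 01:30:46.000 queries: info: client 203.0.113.5#40000: view external: query: www.example IN A +
11-Oct-2013 01:31:30.000 queries: info: client 203.0.113.5#40001: view external: query: quiet.example IN ANY +E
truncated line
""".splitlines()
if __name__ == "__main__":
    print(find_any_bursts(SAMPLE))
```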