Signature of a Cyberattack

Posted on by Ron Jagannathan

A DNS amplification attack is a reflection-based distributed denial of service (DDos)attack. The attacker spoofs look-up requests to domain name system (DNS) servers to hide the source of the exploit and direct the response to the target. … Most commonly, these are DNS servers that support open recursive relay.  DNS amplification can also be described as a Distributed Denial of Service (DDoSattack in which the attacker exploits vulnerabilities in domain name system (DNS) servers to turn initially small queries into much larger payloads, which are used to bring down the victim’s servers.

Some of the most commonly used DDoS attack types:
  • UDP Flood. A UDP flood, by definition, is any DDoS attack that floods a target with User Datagram Protocol (UDP) packets.
  • ICMP (Ping) Flood.
  • SYN Flood.
  • Ping of Death.
  • Slowloris.
  • NTP Amplification.
  • HTTP Flood.

DNS cache poisoning, also known as DNS spoofing, is a type of attack that exploits vulnerabilities in the domain name system (DNS) to divert Internet traffic away from legitimate servers and towards fake ones. One of the reasons DNS poisoning is so dangerous is because it can spread from DNS server to DNS server.

Chargen DDoS attack:

The Character Generator Protocol (CHARGEN) is a service of the Internet Protocol Suite defined in RFC 864 in 1983 by Jon Postel. It is intended for testing, debugging, and measurement purposes. The protocol is rarely used, as its design flaws allow ready misuse.

Slowloris attack:

Slowloris is a type of denial of service attack tool invented by Robert “RSnake” Hansen which allows a single machine to take down another machine’s web server with minimal bandwidth and side effects on unrelated services and ports.

Kaminsky Attack:

A cache poisoning attack redirects a user that brings up www.google.com to a malicious site instead, allowing an attacker to install malware or steal data from the user. The DNS flaw Dan found would allow an attacker to launch cache poisoningattacks against nameservers.

Mirai Attack:

Mirai (Japanese for “the future) is a malware that turns networked devices running Linux into remotely controlled “bots” that can be used as part of a botnet in large-scale network attacks. It primarily targets online consumer devices such as IP cameras and home routers.

NTP amplification is a type of Distributed Denial of Service (DDoS) attack in which the attacker exploits publically-accessible Network Time Protocol (NTP) servers to overwhelm the targeted with User Datagram Protocol (UDP) traffic.

 

** monlist is a debugging command that allows to retrieve information from the monitoring facility about traffic associated with the NTP service.

  4 people found this article useful

Ron Jagannathan has written 54 articles

Ronan is a Caffeine dependent life-form from Planet Earth who wants to be a Jedi Knight of cloud computing. A man of mystery and power, whose power is exceeded only by his mystery. Quantum Physicist, TransHumanist, Systems Architect, Unix Administrator, Artificial Intelligence, Machine Learning and DIY Gadget enthusiast. Believes that the Universe has a high probability of being a simulation.
But he's real and hopefully some of his readers are too.
email: Ron.Jagannathan@gmail.com ph: 202 355 5205
https://www.linkedin.com/in/ronjagan/
My Famous Quotes:
“In a Unix Universe, God is known by a four letter word called root. To err is human...to really foul requires you to be root.. err.. god.” ― Ron Jagannathan

Github: github.com/ronjag
Linkedin: linkedin.com/in/ronjagan/

“Quotes found on the Internet are not always accurate.” ― Abraham Lincoln

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>