The Evolving Threat of Amplification DDoS Attacks

If there is one trend in the cybersecurity world over the last 12 to 18 months that cannot be ignored, it is the increasing prevalence and destructive power of amplification-based distributed denial of service (DDoS) attacks.

An amplification attack is a two-part DDoS attack that generally uses the User Datagram Protocol (UDP). An attacker first sends a large number of small requests to unsuspecting third-party servers on the internet. The attacker crafts these requests to result in large responses, but they are otherwise normal except that their source addresses are rewritten (spoofed) so they appear to have come from the victim instead of the attacker. When all the third-party servers send their large responses to the victim, the resulting amount of traffic is much more than the attacker could have generated alone. These attacks often overwhelm the resources of the victim, as attacks in the hundreds of gigabits per second (Gbps) are possible using this method.

(more…)

Almost Half of Companies Lack DDoS Response Plans

It’s tempting to see the threat of distributed denial of service (DDoS) as noise in the background of cybersecurity discussions, but don’t be fooled. Any risk to your critical web infrastructure can have a severe impact to your business, and given that the frequency, scale and sophistication of these types of attacks are increasing, the threat is very real.

(more…)

The Real Uneven Playing Field of Name Collisions

Recent comments on the name collisions issue in the new gTLD program raise a question about the differences between established and new gTLDs with respect to name collisions, and whether they’re on an even playing field with one another.

Verisign’s latest public comments on ICANN’s “Mitigating the Risk of DNS Namespace Collisions” Phase One Report, in answering the question, suggest that the playing field the industry should be concerned about is actually in a different place. The following points are excerpted from the comments submitted April 21.

(more…)

Introducing getdns: a Modern, Extensible, Open Source API for the DNS

Verisign is pleased to announce the public introduction of getdns at The Next Web in Amsterdam (TNWEurope) April 23-24, 2014. Verisign Labs and NLNet Labs in collaboration have developed getdns, an open source implementation of the getdns-api application programming interface (api) specification.

At The Next Web, getdns is one of the challenge APIs in a 36-hour Hack Battle. Multiple teams of application coding experts are using getdns to develop innovative applications that leverage the global security infrastructure available through DNS Security Extensions (DNSSEC).

(more…)

Verisign’s Preliminary Comments on ICANN’s Name Collisions Phase One Report

Verisign posted preliminary public comments on the “Mitigating the Risk of DNS Namespace Collisions” Phase One Report released by ICANN earlier this month. JAS Global Advisors, authors of the report contracted by ICANN, have done solid work putting together a set of recommendations to address the name collisions problem, which is not an easy one, given the uncertainty for how installed systems actually interact with the global DNS. However, there is still much work to be done.

(more…)

DNS Outages: The Challenges of Operating Critical Infrastructure

Recent attacks targeting enterprise websites have created greater awareness around how critical DNS is for the reliability of internet services and the potentially catastrophic impact of a DNS outage. The DNS, made up of a complex system of root and lower level name servers, translates user-friendly domain names to numerical IP addresses. With few exceptions, DNS lives in a grey area between IT and network operations. With the increasing occurrences of distributed denial of service (DDoS) attacks, advanced persistent threats (APTs) and exploitation of user errors through techniques such as typosquatting and phishing, enterprises can no longer take a passive role in managing their DNS internet infrastructure.

(more…)

Proceedings of Name Collisions Workshop Available

Presentations, papers and video recordings from the name collisions workshop held earlier this month in London are now available at the workshop web site, namecollisions.net.

The goal for the workshop, described in my “colloquium on collisions” post, was that researchers and practitioners would “speak together” to keep name spaces from “striking together.” The program committee put together an excellent set of talks toward this purpose, providing a strong, objective technical foundation for dialogue. I’m grateful to the committee, speakers, attendees and organizers for their contributions to a successful two-day event, which I am hopeful will have benefit toward the security and stability of internet naming for many days to come.

(more…)

Joining Forces to Advance Protection Against the Growing Diversity of DDoS Attacks

You may have seen the news this morning that we have joined forces with Juniper Networks to provide a comprehensive, always on, DDoS solution. At Verisign, we focus on protecting companies from increasingly complex cyber threats, and this relationship should only raise the bar higher, as it will provide a different, more integrated approach than what’s used today, to help ensure faster and more efficient detection and mitigation.

(more…)

Jeff Schmidt to Present Name Collision Management Framework at Research Workshop

I’m delighted to announce that the name collisions workshop this weekend will include Jeff Schmidt, CEO of JAS Global Advisors, presenting the Name Collision Occurrence Management Framework that his firm just released for public review.

Jeff’s presentation is one of several on the program announced by the program committee for the Workshop and Prize on Root Causes and Mitigations of Name Collisions (WPNC).

(more…)