Moderator(s): Prowler, jcokos
Member Message

Curt
Joined: Eons Ago
# Posts: 3747

Posted: 2006-Mar-09 22:23

There has been a recent resurgence of an older denial of service attack called the Smurf attack. This attack exploits servers with certain DNS vulnerabilities and uses them to attack other servers, with the result that the target server gets taken offline. In many cases, the attacker uses automated software to send their queries, creating a massive amount of traffic that impacts not only the target server, but also the network equipment forced to handle the high volume of resulting traffic.

Dang hackers!

For Linux, you'll need to update your "named.conf" located at: /etc/named.conf

Look for lines of the following:

    options {
        directory "/var/named";

The directions were sent to me from my server provider to change them to this:

    options {
        allow-recursion { 127.0.0.1; };
        directory "/var/named";

From what I understand, Windows servers cannot do their own DNS servers and must use an external LINUX or UNIX server to handle their DNS services. Otherwise, your Windows server is vulnerable to the smurf attack. What a PITB.
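
The named.conf change in the post above can be checked mechanically. This is an added example, not part of the original post and not BIND's own tooling: a small Python audit that reports who may recurse through the server. The function names and the two sample configs (the post's snippets with the options block closed) are constructed here.

```python
import re

# Constructed samples: the post's "before" and "after" snippets, closed with "};".
BEFORE = 'options {\n    directory "/var/named";\n};\n'
AFTER = ('options {\n    allow-recursion { 127.0.0.1; };\n'
         '    directory "/var/named";\n};\n')

def strip_comments(text):
    """Remove the /* */, // and # comment styles that named.conf accepts."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def options_block(text):
    """Return the body of the global options { ... } block, or '' if absent."""
    m = re.search(r"\boptions\s*\{", text)
    if not m:
        return ""
    depth, start = 1, m.end()
    for i in range(start, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[start:i]
    return text[start:]  # unterminated block: audit what is there

def audit_recursion(conf):
    """Classify recursion exposure as disabled, unset, open or restricted."""
    body = options_block(strip_comments(conf))
    if re.search(r"(?<![-\w])recursion\s+no\s*;", body):
        return ("disabled", [])
    # Assumes a flat address list (no nested braces inside allow-recursion).
    m = re.search(r"\ballow-recursion\s*\{([^{}]*)\}", body)
    if not m:
        return ("unset", [])  # behaviour then depends on the BIND version's default
    acl = [e.strip().strip('"') for e in m.group(1).split(";") if e.strip()]
    if any(e in ("any", "0.0.0.0/0", "::/0") for e in acl):
        return ("open", acl)
    return ("restricted", acl)

if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_recursion(conf))
```

A result of "unset" or "open" means the server will answer recursive queries on behalf of clients outside the list the post recommends.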



Prowler
Staff
Joined: Aug 14, 2000
# Posts: 1832

Posted: 2006-Mar-10 05:33

>>From what I understand, Windows servers cannot do their own DNS servers and must use an external LINUX or UNIX server to handle their DNS services.

No. Windows have their own DNS servers. But it takes more to lock them down.



Curt
Joined: Eons Ago
# Posts: 3747

Posted: 2006-Mar-11 08:52

Prowler, sorry I wasn't real clear in that message, but that's pretty much what I meant. Windows servers cannot safely run DNS and escape the smurf attack. It seems it takes too much work to make them secure which is why my host suggested that windows servers move their DNS operations to a server that runs LINUX or UNIX.



Prowler
Staff
Joined: Aug 14, 2000
# Posts: 1832

Posted: 2006-Mar-12 14:33

smile Curt. It is good to see you active again.


>>It seems it takes too much work to make them secure ....
I couldn't agree more.




Curt
Joined: Eons Ago
# Posts: 3747

Posted: 2006-Mar-15 08:17

smile yep me active, until I get my hands on my next project, but I'll try to hang out here more often.



beth_lk
Staff
Joined: Jun 23, 2004
# Posts: 1308

Posted: 2006-Mar-16 08:23

Please explain this in newbie terms to me wink

I feel very lost but really would like to understand what this is about.

Much Appreciated,
Beth smile



dudibob
Joined: Oct 13, 2005
# Posts: 1472

Posted: 2006-Mar-16 11:33

I'm guessing it's called a smurf attack because lots of little (blue smile) automated things 'attack' the server multiple times causing it to crash from an overload of information?

I don't understand servers, they're a whole new world to me



Prowler
Staff
Joined: Aug 14, 2000
# Posts: 1832

Posted: 2006-Mar-16 13:57

>>I'm guessing it's called a smurf attack because lots of little (blue ) automated things 'attack' the server multiple times causing it to crash from an overload of information?

dudibob - You are right - save for one bit of information; the bit about the blue things. Some sick people use scripts to cause repeated requests carefully contrived to bring the targeted servers to their knees. Servers, unlike humans, can multitask to a great extent. Still, they have certain known weaknesses which can be exploited.

Our friend Curt tells us some means to guard against such attacks here.



dudibob
Joined: Oct 13, 2005
# Posts: 1472

Posted: 2006-Mar-16 14:06

There's a lot of sick people in the world, sorry, saw smurf, thought little blue things smile lol

Thanks very much Curt for the heads up smile



Curt
Joined: Eons Ago
# Posts: 3747

Posted: 2006-Mar-18 10:34

>>saw smurf, thought little blue things

teehee bigsmile just had to laugh a bit about that.

U R welcome wink

From what I understand it pretty much works this way:

Hacker sends bogus server requests to a whole bunch of other web servers, but spoofs the IP address to match another server's IP. All those other servers send back information in response to the request, but because the IP is spoofed, they send the info packets back to the IP belonging to the one server.

When all those other servers are trying to talk to that one server which had its IP spoofed, it eventually gets loaded up with inbound traffic and doesn't allow other legitimate traffic to the server to get through because all the bandwidth is used up or the server simply doesn't have enough processing power to keep up with the demand of incoming packet info. Now I do not claim to be an expert on how servers communicate with one another, but I believe that much I understand.

A similar tactic was used to bring down Yahoo.com back in 2001 (or was that in 2000?). The smurf attack is basically another form of DoS.


© 1995  ·  iWeb, Inc  ·  DBA JimWorld Productions