Hackers attempt to spoof Google's DNS servers' IPs
Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!Tweet Share on Twitter.
September 16, 2014
Google's DNS servers and IP addresses are currently being spoofed by an attacker, apparently in an attempt to attack DDoS hosts vulnerable to a critical security bug in the SNMP protocol.
The SANS Internet Storm Center noticed the traffic trend emerging yesterday. The attack is trying to take over SNMP hosts that have left default passwords in place-– the default read/write community string “private” – and either comes from a troll, SANS says, or someone genuinely tapping on the door of target systems.
Attackers try to send an SNMP “set” command with the community string, something which on a badly-configured system would: “set the default TTL to 1, which would make it impossible for the gateway to connect to other systems that are not on the same link-layer network”, and “turn off IP forwarding”.
The SANS post says the traffic can be recreated using the command: snmpset -v 1 -c private [target ip] .184.108.40.206.220.127.116.11.0 int 1 .18.104.22.168.22.214.171.124.0 int 2.
Anybody seeing traffic that claims to be from 126.96.36.199 using incoming port 161 could see if they've been tapped by the attacker and let SANS know.
A couple of respondents to the SANS project said the attack seems to be methodical and working to a pretty straightforward pattern-- “one hit on a single IP every 20 minutes, working thru our class C in sequence”, one stated.
In other internet security news
In light of the NSA-Edward Snowden scandal more than a year ago, the public at large has been getting a broader glimpse at the still-secretive world of government data collection in the last few months, and Yahoo might be helping in this long and very complex process.
Yahoo said late yesterday that it has won the release of over 1,500 pages of documents filed in a secretive surveillance court.
Led by CEO Marissa Mayer since 2012, the company said the documents stem from an unsuccessful lawsuit it brought in 2008 challenging the government's right to demand user information.
Yahoo won a small victory in 2013 when portions of previously-sealed documents were ordered public. As it noted yesterday, disclosures from the Foreign Intelligence Surveillance Court are "extremely rare."
The documents are a public relations victory for Yahoo-- they demonstrate that the company is resisting orders to comply with the surveillance programs.
"Yahoo has not complied with the directives because of concerns that they require Yahoo to assist in conducting warrantless surveillance that is likely to capture private communications of United States citizens located in the U.S. and abroad," Yahoo wrote in a legal document, arguing the orders violated "the privacy of U.S. citizens."
The government placed huge pressure on Yahoo to comply with its order, the company said. "At one point, the U.S. Government threatened the imposition of $250,000 in fines per day if we refused to comply," read the announcement from Ron Bell, on of Yahoo's lawyers.
However, the documents also contain new information that may fuel the public debate over the programs.
Among them is "a mostly unredacted" surveillance order from the federal government and the surveillance court ruling from the 2008 lawsuit. Yahoo was initially blocked from publicly releasing that decision.
Then began a months-long process of declassifying the documents, and the secretive court ruled Thursday that the documents were ready for release.
The documents were subsequently posted online on the Director of National Intelligence's Web site.
On any given day, surveillance laws require Yahoo and other companies to collect information from users and are prohibited from telling the users about the collection.
Yahoo and other technology companies-- Google, Facebook, Microsoft and LinkedIn have all been allowed to disclose broad numbers about how many surveillance requests they receive from U.S. federal authorities, and have called on the government to allow further releases.
Source: The SANS Institute.
Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!