DNS

Valve DNS privacy flap exposes the murky world of cheat prevention

posted on February 18, 2014
by l33tdawg

Like most online game makers, Valve uses a cheat detection system to protect popular multiplayer games like Counter-Strike: Global Offensive, Team Fortress 2, and Dota 2 from hacks that would give a player an unfair advantage. That Valve Anti-Cheat (VAC) system was at the center of a potential privacy bombshell earlier today, with accusations that the system was sending Valve a list of all the domains that a system has visited whenever a protected game was played.

DDoS attacks rise as companies fail to address DNS security

posted on January 30, 2014
by l33tdawg

Distributed denial-of-service (DDoS) attacks have scaled up in the past year, according to Arbor Networks' latest Infrastructure Security Report (PDF), and many attackers are learning from each other to meet their objectives.

Those surveyed in the study, around 220 operational security professionals, reported that DDoS attacks are the number one threat against their infrastructure.

DNSQuerySniffer shows all the DNS traffic on your system

posted on May 28, 2013
by l33tdawg

NirSoft has announced the public availability of DNSQuerySniffer, a tiny (130KB, including a Help file) network sniffer which detects and displays your DNS traffic.

If you think this sounds just a little technical, then you’re right, but the program does have some interesting applications. Malware will often use DNS traffic to communicate with its operators, for instance, and so taking a closer look at your own system may reveal the signs of an infection (a large number of failed lookups to domains you don’t recognize, say).

Fix your DNS servers or risk aiding DDoS attacks

posted on April 2, 2013
by l33tdawg

Although this week's large-scale DDoS attack against Spamhaus may not have been as crippling as early reports suggested, it was noteworthy in that it shined spotlights on a couple of the Internet's many underlying weaknesses.

Among them are open DNS resolvers, which enable a technique called DNS amplification wherein attackers bombard target servers with as much as 100 bytes of network-clogging traffic for every one byte they send out.

How the DNSChanger malware works

posted on July 11, 2012
by l33tdawg

Monday, 9 July, was supposed to be 'Internet Doomsday' when the US' Federal Bureau of Investigation (FBI) was to shut down servers associated with the DNSChanger malware. As a result, computers infected with this threat were to be cut off from the Internet.

DNSChanger Doomsday Threat Fizzles - 'Doomsday' averted

posted on July 10, 2012
by l33tdawg

US authorities have officially cut off servers in New York put in place to direct internet traffic for computers infected with the DNSChanger malware.

But concerns around a potential internet blackout for an estimated 211,000 computers still believed to be infected at the time of the shutdown were ultimately unfounded. Approximately 6000 Australian internet subscribers faced a similar fate locally, with the majority sourced to Telstra connections.

DNSChanger victims to lose internet on Monday

posted on July 5, 2012
by l33tdawg

This coming Monday, 9 July, the FBI will be turning off the DNS server which currently intercepts queries from DNSChanger victims. This will mean that users who are infected with the malware will be almost completely unable to access the internet normally. Users are therefore advised to check whether their computers or routers use one of the FBI-listed IP addresses for DNS queries, well before the server shutdown, by visiting dnschanger.eu or dns-ok.us.

Users who want to check their configuration manually need to look out for the following IP address ranges:

DNS poisoning the 'thin end of a wedge'

posted on May 17, 2012
by l33tdawg

Manipulating the internet's domain-name system (DNS) to reduce the impact of criminal malware DNSChanger has proved successful. Extending the technique to deal with other matters, however, represents the thin end of a wedge, according to DNS pioneer Dr Paul Vixie.

The FBI said that in 2007, DNSChanger infected 4 million computers worldwide, altering their settings so that they used DNS servers provided by the criminals, which allowed them to redirect the users to fraudulent websites.

Malware increasingly using DNS as C&C channel to avoid detection

posted on February 29, 2012
by l33tdawg

The number of malware threats that receive instructions from attackers through DNS is expected to increase, and most companies are not currently scanning for such activity on their networks, security experts said at the RSA Conference 2012 yesterday.

There are many channels that attackers use for communicating with their botnets, ranging from traditional ones like TCP, IRC and HTTP to more unusual ones like Twitter feeds, Facebook walls and even YouTube comments.