2. Poisoning of DNS cache
DNS cache poisoning exploits vulnerabilities in the domain name system (DNS). The attacker attempts to insert a forged address record into the DNS server’s cache so that Internet traffic destined for a legitimate site is diverted to a “rogue” site under the attacker’s control. The goal is to lure unsuspecting users into downloading malicious programs, which the attacker can then exploit.
Tips to stay secure: First, ensure you’re running the latest release of your DNS software. You should also configure your firewall to drop packets that arrive on the external interface with an internal source address, as these are in most cases “cooked-up” (forged) addresses. Another important step is to collect and analyze log files from your DNS servers to identify anomalies and suspicious patterns, such as multiple queries from the same IP address within a short period of time.
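The log-analysis step above can be automated with a small sliding-window counter over the resolver's query log. The following is an added example, not code from the original article: it parses constructed log lines loosely modelled on the BIND 9 query-log format (the exact layout of your server's log and the `max_queries`/`window_seconds` thresholds are assumptions to adjust for your environment) and reports any client that exceeds the threshold within the window.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log, loosely modelled on BIND 9 query-log lines.
# 192.0.2.10 fires six queries in about half a second; 198.51.100.7 sends two
# ordinary queries 44 seconds apart; one non-query line is present to show
# that unrelated lines are skipped.
SAMPLE_LOG = """\
15-Mar-2024 10:00:00.105 client 192.0.2.10#5353 (example.com): query: example.com IN A + (10.0.0.1)
15-Mar-2024 10:00:00.210 client 192.0.2.10#5354 (example.com): query: example.com IN A + (10.0.0.1)
15-Mar-2024 10:00:00.312 client 192.0.2.10#5355 (example.com): query: example.com IN A + (10.0.0.1)
15-Mar-2024 10:00:00.420 client 192.0.2.10#5356 (example.com): query: example.com IN A + (10.0.0.1)
15-Mar-2024 10:00:00.530 client 192.0.2.10#5357 (example.com): query: example.com IN A + (10.0.0.1)
15-Mar-2024 10:00:00.640 client 192.0.2.10#5358 (example.com): query: example.com IN A + (10.0.0.1)
15-Mar-2024 10:00:01.000 client 198.51.100.7#40001 (www.example.org): query: www.example.org IN AAAA + (10.0.0.1)
15-Mar-2024 10:00:02.000 general: info: zone example.com/IN: loaded serial 1
15-Mar-2024 10:00:45.000 client 198.51.100.7#40002 (mail.example.org): query: mail.example.org IN MX + (10.0.0.1)
"""

# Assumed line layout: "<date> <time> client <ip>#<port> (<qname>): query: <qname> IN <qtype> ..."
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"client (?P<ip>[\d.]+)#\d+ \((?P<qname>[^)]*)\): query: \S+ IN (?P<qtype>\S+)"
)


def parse_query_log(text):
    """Yield (timestamp, client_ip, qname, qtype) for each query line; skip other lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S.%f")
        yield ts, m["ip"], m["qname"], m["qtype"]


def find_query_bursts(text, max_queries=5, window_seconds=2.0):
    """Return {client_ip: peak_queries_in_window} for clients that sent more than
    max_queries queries inside any window_seconds-long window.

    Assumes the log is in chronological order, as a server writes it."""
    windows = defaultdict(deque)  # per-client timestamps inside the current window
    peak = {}
    for ts, ip, _qname, _qtype in parse_query_log(text):
        recent = windows[ip]
        recent.append(ts)
        # Drop timestamps that have fallen out of the window.
        while (ts - recent[0]).total_seconds() > window_seconds:
            recent.popleft()
        if len(recent) > max_queries:
            peak[ip] = max(peak.get(ip, 0), len(recent))
    return peak


if __name__ == "__main__":
    for ip, count in find_query_bursts(SAMPLE_LOG).items():
        print(f"suspicious: {ip} sent {count} queries inside a 2 s window")
```

Run against the sample, the script reports only 192.0.2.10; the second client never exceeds the threshold because its two queries are far apart. In practice feed it the rotated query log (or a tail of it) and tune the window and threshold to your resolver's normal per-client rate before alerting on it.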
3. ICMP/Ping flood
In this case, the attacker sends a continuous stream of ICMP echo requests to the victim as fast as possible without waiting for a reply—in other words, “floods” it with ping packets. This barrage of data packets consumes the victim’s outgoing and incoming bandwidth, preventing legitimate packets from reaching their destination.
Tips to stay secure: Filter ICMP traffic appropriately. Block inbound ICMP traffic unless you specifically need it, for example for the tools used in normal administration and troubleshooting. Where you do allow ICMP, permit it only to the specific hosts that require it. Also, configure appropriate parameters and rate limits on firewalls and routers, such as a threshold for the maximum number of packets per second allowed from each source IP address. Additionally, make sure you’re monitoring those device logs in real time so that patterns of high ICMP volume are detected immediately.
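The per-source packets-per-second threshold described above is, on most firewalls, implemented as a token bucket: each source earns tokens at a fixed rate, may save up a small burst, and each packet spends one. The simulation below is an added example, not the article's own code or any vendor's implementation; the traffic it processes is constructed (a flooding source and an ordinary administrator host), and the `rate_pps`/`burst` values are assumed starting points rather than recommendations.

```python
from collections import defaultdict


def constructed_traffic():
    """Constructed ICMP echo-request events as (timestamp_ms, source_ip), not captured data."""
    events = []
    # Flooding source: 200 echo requests 1 ms apart, i.e. 1000 packets/s for 0.2 s.
    events += [(t, "203.0.113.5") for t in range(200)]
    # Administrator host: four ordinary pings, one per second.
    events += [(500 + 1000 * i, "192.0.2.20") for i in range(4)]
    return sorted(events)


class SourceBucket:
    """Token bucket for one source IP.

    Tokens are kept as integer milli-tokens so the arithmetic is exact:
    `rate_pps` tokens are added per second, the bucket holds at most `burst`
    tokens, and each packet costs one token."""

    def __init__(self, rate_pps, burst):
        self.rate_pps = rate_pps
        self.cap = burst * 1000
        self.tokens = self.cap  # a new source starts with a full burst allowance
        self.last_ms = None

    def allow(self, now_ms):
        if self.last_ms is not None:
            # elapsed_ms * rate_pps equals milli-tokens earned since the last packet
            self.tokens = min(self.cap, self.tokens + (now_ms - self.last_ms) * self.rate_pps)
        self.last_ms = now_ms
        if self.tokens >= 1000:
            self.tokens -= 1000
            return True
        return False


def rate_limit_icmp(events, rate_pps=10, burst=10):
    """Apply a per-source limit to a stream of echo requests.

    Returns {source_ip: {"accepted": n, "dropped": m}}."""
    buckets = {}
    stats = defaultdict(lambda: {"accepted": 0, "dropped": 0})
    for now_ms, src in sorted(events):
        bucket = buckets.setdefault(src, SourceBucket(rate_pps, burst))
        stats[src]["accepted" if bucket.allow(now_ms) else "dropped"] += 1
    return dict(stats)


def flood_sources(stats, min_dropped=1):
    """Sources that hit the limit: the ones worth raising in real-time monitoring."""
    return sorted(ip for ip, counters in stats.items() if counters["dropped"] >= min_dropped)


if __name__ == "__main__":
    result = rate_limit_icmp(constructed_traffic())
    for ip, counters in sorted(result.items()):
        print(f"{ip}: accepted={counters['accepted']} dropped={counters['dropped']}")
    print("sources exceeding the ICMP threshold:", flood_sources(result))
```

With a 10 packet/s rate and a burst of 10, the flooding source gets its initial burst plus the single token it earns during the 0.2 s flood and has the remaining 189 packets dropped, while the administrator's pings are all accepted because its bucket refills between them. The same idea is what a per-source limit module such as iptables `hashlimit` does in the kernel; the drop counters are the signal to feed into the log monitoring the text recommends.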
4. E-mail bombs
This type of attack involves sending huge volumes of bogus emails at once, in most cases with very large attachments. E-mail bombs consume large amounts of bandwidth, as well as valuable server resources and storage space. An attack of this kind can quickly bring your mail service to a crawl or crash the system altogether.
Tips to stay secure: In addition to firewalls, you can put other perimeter protection in place, such as content filtering devices. It’s also wise to limit the size of emails and attachments, as well as limiting the number of inbound connections to the mail server.