Route filtering and its impact on the DNS fabric

Published: 2008-05-19
Last Updated: 2008-05-19 14:51:41 UTC
by Maarten Van Horenbeeck (Version: 1)

Information security consultants regularly work with their clients to identify their "critical infrastructure": those assets which are needed to keep the organization running at an acceptable level. On such engagements, after the employees have listed and described their own assets, I tend to ask them "... and what about Google?". A lot of companies really need a good search engine ranking for their clients to find them, and that ranking is something which can be, and has been, attacked. It is, however, often not quite clear whose responsibility it is to monitor components such as these: information security or marketing?

There are several other components of the internet fabric that help users get where they need to be. Today, the people at Renesys posted a fascinating blog entry showing what could go wrong at a completely different level: DNS. They describe how the hijacking of IP space can pose a real risk to the reliability of the internet as a business medium. While malicious intent can't be proven, this is exactly what appears to have affected L.root-servers.net in recent history.

This is no reason to panic. It is, however, an indication of just one of many things the information security community needs to be aware of. Short-lived BGP announcements have commonly been used to distribute spam, and inadvertent mistakes have brought down major web sites. Renesys' posting is an example of how a lack of route filtering can have even deeper, but less visible, consequences.

Read their blog entry on the adventures of L.root-servers.net here.

Keywords: BGP dns name server

Text message and telephone aid scams

Published: 2008-05-19
Last Updated: 2008-05-19 14:45:21 UTC
by Maarten Van Horenbeeck (Version: 1)

Jim recently wrote a diary on the various scams related to Myanmar's cyclone and the Sichuan earthquake.

Usually, these scams take place by means of web sites which accept funds through PayPal or sometimes even wire transfers. However, as with all types of unsolicited messages, these were bound to move to other media as well.

Earlier today we received interesting reports from China of text messages (SMS) being distributed which request the reader to transfer money to a certain account number, or even just reply to the message, to help fund relief for the Sichuan earthquake. In addition, late last week reports appeared of a message which invited readers to help the Red Cross fight "poverty and suffering" by making a call or sending a text message.

While one would expect that more physical acts, such as sending text messages or calling a number, allow better identification of the culprits than more obscure credit card number theft and distribution, this is often not the case. While the owner of a number may easily be identified in many cases, it is often just the company providing a service for another third party. The latter may have used fake For-a-fee telephone numbers, both for call and SMS are often purchased through service providers, which may require less stringent verification of their clients than the actual phone network.
