
SANS ISC InfoSec Handlers Diary Blog



Route filtering and its impact on the DNS fabric

Published: 2008-05-19
Last Updated: 2008-05-19 14:51:41 UTC
by Maarten Van Horenbeeck (Version: 1)

Information security consultants regularly work with their clients to identify their "critical infrastructure": those assets which are needed to keep the organization running at an acceptable level. On such engagements, after the employees have listed and described their own assets, I tend to ask them "... and what about Google?". A lot of companies really need a good search engine ranking for their clients to find them, and that ranking is something which can be, and has been, attacked. It is, however, often not quite clear whose responsibility it is to monitor components such as these: information security or marketing?

There are several other components of the internet fabric that help users get where they need to be. Today, the people at Renesys posted a fascinating blog entry showing what could go wrong at a completely different level: DNS. They identify how the hijacking of IP space can pose a valid risk to the reliability of the internet as a business medium. While malicious intent can't be proven, this is exactly what appears to have affected L.root-servers.net in recent history.

This is no reason to panic; it is, however, an indication of just one of many things the information security community needs to be aware of. Short-lived BGP announcements have commonly been used to distribute spam, and inadvertent mistakes have brought down major web sites. Renesys' posting is an example of how a lack of route filtering can have even deeper, but less visible, consequences.

Read their blog entry on the adventures of L.root-servers.net here.

Keywords: BGP dns name server

Text message and telephone aid scams

Published: 2008-05-19
Last Updated: 2008-05-19 14:45:21 UTC
by Maarten Van Horenbeeck (Version: 1)

Jim recently wrote a diary on the various scams related to Myanmar's cyclone and the Sichuan earthquake.

Usually, these scams take place by means of web sites which accept funds through PayPal or sometimes even wire transfers. However, as with all types of unsolicited messages, these were bound to move to other media as well.

Earlier today we received interesting reports from China of text messages (SMS) being distributed which request the reader to transfer money to a certain account number, or even just reply to the message, to help fund relief for the Sichuan earthquake. In addition, late last week reports appeared of a message which invited readers to help the Red Cross fight "poverty and suffering" by making a call or sending a text message.

While one would expect that more physical acts, such as sending text messages or calling a number, allow better identification of the culprits than more obscure credit card number theft and distribution, this is often not the case. While the owner of a number may easily be identified in many cases, it is often just the company providing a service for another third party. The latter may have used fake For-a-fee telephone numbers, both for calls and SMS, are often purchased through service providers, which may require less stringent verification of their clients than the actual phone network.
