
SNMP Reflection DDoS Attacks

Highlights from a Prolexic DDoS Threat Advisory


2014 AKAMAI | FASTER FORWARD
TM
SNMP Attacks on the Rise
Since April 11, 2014, Prolexic has observed a marked
resurgence in the use of Simple Network Management
Protocol (SNMP) reflection attacks
SNMP is a commonly used management protocol built into
many home and office devices
SNMP-enabled devices such as printers, routers, servers,
modems, and desktops can serve as DDoS reflectors and
amplifiers for attackers

Why SNMP?
Although the latest version (SNMP v3) adds authentication
and encryption, devices more than about three years old
typically run SNMP v2, which by default answers any
request that carries the public community string
Protocol-based attacks rise and fall in popularity;
right now new SNMP reflection tools circulating in the
underground are driving a surge in popularity of
this attack

SNMP Attack Statistics
SNMP Attacks in 2014
14 DDoS campaigns using the protocol have been
observed since April 11, 2014
As devices are discovered participating in attacks,
their IP addresses are blacklisted by the Internet
community, leading to smaller attack sizes
However, malicious actors will continue to identify
additional devices vulnerable to SNMP reflection
The devices that remain open continue to make this
attack dangerous

How SNMP Attacks Work
GetBulk: a single request that dumps many values stored
on the device, such as the IP addresses on a router,
the kind of toner in a printer, or similar data
The tool sends GetBulk requests to vulnerable
SNMP-enabled devices with the source IP address spoofed
to be the target's
The device then sends its GetBulk response, which is far
larger than the request, to the target

How SNMP Attacks Work (continued)
The resulting response can be greatly
amplified
In one real attack, a single 37-byte request packet
generated a 64,000-byte response split across 44
packets
This is an amplification factor of more than 1,700
times
Any Internet-reachable device that answers SNMP v2
requests could become a reflector in such an
attack

Don't Be Part of an Attack: Configure Your SNMP
Devices Properly
It is essential that network administrators help take
vulnerable devices out of the reflector pool
Scan your network for devices that still answer to the
default public community string and restrict public
access to them
Devices such as printers shouldn't be reachable from
the Internet
When possible, use SNMP v3
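As an added example, not Prolexic's tool and not code from the advisory, the Python below does three things the two "How SNMP Attacks Work" slides and the configuration slide describe: it builds the SNMPv2c GetBulk request a reflector answers, decodes an incoming UDP/161 payload the way an IDS rule would to flag GetBulk requests carrying the public community, and gives an administrator a probe for devices on their own network that still answer to "public". The OID 1.3.6.1, request-id 0x1234 and max-repetitions of 2250 are assumptions chosen for illustration; they were picked so the request comes to 37 bytes, the request size in the real attack quoted above. The probe spoofs nothing: it sends an ordinary GetRequest for sysDescr.0 from your own address. Run it only against devices you own.

```python
"""Build, decode and flag SNMPv2c GetBulk requests; probe for the default community.

Added example: hand-rolled BER so it runs with the standard library only.
"""
import socket

SNMP_V2C = 1                      # version field value that means SNMPv2c (v1 = 0, v3 = 3)
GETREQUEST, GETNEXT, GETRESPONSE, GETBULK = 0xA0, 0xA1, 0xA2, 0xA5   # PDU context tags
INTEGER, OCTET_STRING, NULL, OID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30


def _ber_len(n):
    # Short form below 128; long form is 0x80|N followed by N big-endian length bytes.
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, value):
    return bytes([tag]) + _ber_len(len(value)) + value


def _int(n):
    # Minimal two's-complement INTEGER; adds a leading 0x00 when the top bit would be set.
    return _tlv(INTEGER, n.to_bytes(max(1, (n.bit_length() + 8) // 8), "big", signed=True))


def _oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]           # the first two arcs share one byte
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]                 # base-128, high bit set on all but the last byte
        arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(chunk)
    return _tlv(OID, bytes(out))


def build_request(pdu_tag, community, oid, field1, field2, request_id):
    """Any v2c request PDU. field1/field2 are error-status/error-index for Get*,
    or non-repeaters/max-repetitions for GetBulk; the wire layout is identical."""
    varbinds = _tlv(SEQUENCE, _tlv(SEQUENCE, _oid(oid) + _tlv(NULL, b"")))
    pdu = _tlv(pdu_tag, _int(request_id) + _int(field1) + _int(field2) + varbinds)
    return _tlv(SEQUENCE, _int(SNMP_V2C) + _tlv(OCTET_STRING, community.encode()) + pdu)


def build_getbulk(community="public", oid="1.3.6.1", max_repetitions=2250, request_id=0x1234):
    # Assumed values: a large max-repetitions makes the reflector return as much as it can.
    return build_request(GETBULK, community, oid, 0, max_repetitions, request_id)


def _read_tlv(buf, pos):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def parse_snmp(payload):
    """Pull out the fields an IDS or a reflector cares about from a raw UDP/161 payload."""
    tag, msg, _ = _read_tlv(payload, 0)
    if tag != SEQUENCE:
        raise ValueError("not an SNMP message")
    _, version, pos = _read_tlv(msg, 0)
    _, community, pos = _read_tlv(msg, pos)
    pdu_tag, pdu, _ = _read_tlv(msg, pos)
    _, request_id, p = _read_tlv(pdu, 0)
    _, f1, p = _read_tlv(pdu, p)
    _, f2, _ = _read_tlv(pdu, p)
    info = {"version": int.from_bytes(version, "big"),
            "community": community.decode("latin-1"),
            "pdu_type": pdu_tag,
            "request_id": int.from_bytes(request_id, "big", signed=True)}
    if pdu_tag == GETBULK:
        info["non_repeaters"] = int.from_bytes(f1, "big")
        info["max_repetitions"] = int.from_bytes(f2, "big")
    return info


def is_reflection_probe(payload):
    """GetBulk with the default community is the request the reflection tool sends.
    The forged source address is not in the payload; only the network layer can see that."""
    try:
        info = parse_snmp(payload)
    except (ValueError, IndexError):
        return False
    return info["pdu_type"] == GETBULK and info["community"] == "public"


def amplification(request, response_bytes):
    return response_bytes / len(request)


def probe_host(host, community="public", timeout=2.0):
    """Administrator check: does this device answer a v2c GetRequest with the default community?"""
    req = build_request(GETREQUEST, community, "1.3.6.1.2.1.1.1.0", 0, 0, 1)   # sysDescr.0
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(req, (host, 161))
        data, _ = sock.recvfrom(65535)
    except socket.timeout:
        return False
    finally:
        sock.close()
    try:
        return parse_snmp(data)["pdu_type"] == GETRESPONSE
    except (ValueError, IndexError):
        return False


if __name__ == "__main__":
    req = build_getbulk()
    print(len(req), "byte request:", req.hex())
    print(parse_snmp(req))
    # 64,000 bytes is the response size from the attack described on the slide above.
    print("amplification: about %.0fx" % amplification(req, 64000))
```

Running the file prints the 37-byte request, its decoded fields and an amplification of about 1730x against the 64,000-byte response the slide quotes. `probe_host("192.0.2.10")` (a documentation-range address here) returns True when the device answers "public", which is the condition to fix with an ACL, a changed community or a move to SNMP v3.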

Threat Advisory: SNMP Reflection DDoS Attacks
Download the threat advisory, Threat Advisory:
SNMP Reflection DDoS Attacks
This DDoS threat advisory includes:
How to identify an attack from the SNMP Reflector
DDoS tool
Analysis of the source code
Payload analysis
IDS Snort rule and attack signatures
Remediation instructions for owners of devices that
support the SNMP v2 protocol


About Prolexic (now part of Akamai)
We have successfully stopped DDoS attacks for more
than a decade
Our global DDoS mitigation network and 24/7 security
operations center (SOC) can stop even the largest
attacks that exceed the capabilities of other DDoS
mitigation service providers
