LinuxQuestions.org
02-09-2014, 01:06 PM   #1
tronayne
Senior Member
 
Registered: Oct 2003
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 3,541

US-CERT: TA14-017A: UDP-based Amplification Attacks (rev. 09 Feb 2014)


The notice may be read in its entirety at https://www.us-cert.gov/ncas/alerts/TA14-017A.

Original release date: January 17, 2014 | Last revised: February 09, 2014.

Certain UDP protocols have been identified as potential attack vectors:

DNS
NTP
SNMPv2
NetBIOS
SSDP
CharGEN
QOTD
BitTorrent
Kad
Quake Network Protocol
Steam Protocol

The Mitigation section of the notice describes a suggested method and provides an open-source verification software package for verifying ingress filtering (a recommended practice).

There are links to documents and prior notices that may be of interest.

Hope this helps some.
 
02-18-2014, 07:51 AM   #2
Linux_Kidd
Member
 
Registered: Jan 2006
Location: USA
Posts: 737

I myself find the CERT alerts to be very general.
Check out the PDF reports that Prolexic put out; the one for DNS dives into the source code for the DNS DDoS tool that is going around.
http://www.prolexic.com/news-events-...s-flooder.html
 
  

