Attackers tapping on SNMP door to see if it's open

  • 16 September 2014

By Richard Chirgwin, 16 Sep 2014
 
Google's DNS IP address is being spoofed by an attacker, apparently in an attempt to DDoS hosts vulnerable to a flaw in the SNMP protocol.
The SANS Internet Storm Center noticed the traffic trend emerging on September 15, and in this post discusses what's going on.
The attack is trying to take over SNMP hosts that have left default passwords in place – the default read/write community string “private” – and either comes from a troll, SANS says, or someone genuinely tapping on the door of target systems.
What's going on is outlined in this post. The attacker is trying to send an SNMP “set” command with the community string, something which on a badly-configured system would: “set the default TTL to 1, which would make it impossible for the gateway to connect to other systems that are not on the same link-layer network”, and “turn off IP forwarding”.
 
The Register, full article here: http://www.theregister.co.uk/2014/09/16/attackers_tapping_on_snmp_door_to_see_if_its_open/
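For defenders, the "set" described above can be spotted on the wire. This is an added example, not part of the article or the original post: a small BER parser that flags SNMPv1/v2c SetRequest payloads touching the two objects the quoted effects correspond to. The OIDs (standard IP-MIB `ipForwarding` and `ipDefaultTTL`), the function names and the sample payload are assumptions constructed for illustration.

```python
# Added example (not from the article): flag SNMPv1/v2c SetRequests to watched IP-MIB objects.
WATCHED = {"1.3.6.1.2.1.4.1.0": "ipForwarding", "1.3.6.1.2.1.4.2.0": "ipDefaultTTL"}
SET_REQUEST = 0xA3  # context-specific PDU tag for SetRequest
# Constructed sample UDP/161 payload: v1, community "private",
# ipDefaultTTL=1 and ipForwarding=2 (notForwarding).
SAMPLE = bytes.fromhex(
    "3037020100040770726976617465a329020101020100020100301e"
    "300d06082b06010201040200020101300d06082b06010201040100020102")

def fields(buf):
    """Split buf into its top-level BER (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:                       # long-form length
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if pos + length > len(buf):
            raise ValueError("truncated TLV")
        out.append((tag, buf[pos:pos + length]))
        pos += length
    return out

def oid_str(raw):
    """Decode the body of a BER OBJECT IDENTIFIER into dotted form."""
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)           # base-128, high bit = "more"
        if not b & 0x80:
            arcs, val = arcs + [val], 0
    return ".".join(map(str, arcs))

def inspect(payload):
    """Return (community, object, value) alerts; [] if benign or unparseable."""
    try:
        _ver, (_, community), (pdu_tag, pdu) = fields(fields(payload)[0][1])
        if pdu_tag != SET_REQUEST:
            return []
        binds = fields(pdu)[3][1]   # after request-id, error-status, error-index
        alerts = []
        for _, vb in fields(binds):
            (_, oid), (_, val) = fields(vb)
            name = WATCHED.get(oid_str(oid))
            if name:
                alerts.append((community.decode("latin-1"), name, int.from_bytes(val, "big")))
        return alerts
    except (IndexError, ValueError):
        return []
```

An alert whose community is "private" means the default read/write string was tried; any alert from a source that is not a management station is worth a look regardless of the string used.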
