SNMP-Based DDoS Attack Spoofs Google Public DNS Server

  • 16 September 2014
by Michael Mimoso    September 15, 2014
 
The SANS Internet Storm Center this afternoon reported SNMP scans, spoofed to appear to come from Google’s public recursive DNS server, that seek to overwhelm vulnerable routers and other devices that support the protocol with DDoS traffic.

“The traffic is spoofed, and claims to come from Google’s DNS server. The attack is however not an attack against Google. It is likely an attack against misconfigured gateways,” said Johannes Ullrich, dean of research of the SANS Technology Institute and head of the Internet Storm Center.

Ullrich said the ISC is still investigating the scale of the possible attacks, but said the few packets that have been submitted target default passwords used by SNMP.

“The attack uses the default ‘read/write’ community string of ‘private.’ SNMP uses this string as a password, and ‘private’ is a common default,” Ullrich said. “For read-only access, the common default is ‘public.’”
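A passive check a defender could run over captured UDP/161 payloads to flag the default community strings quoted above, as an added example that is not from the article or from SANS. The function names and the header-only sample datagrams are constructed for illustration, and the check goes slightly beyond the text by also reporting the PDU type.

```python
DEFAULTS = {b"public": "read-only default", b"private": "read/write default"}
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA5: "GetBulkRequest"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of datagram")
    return tag, buf[pos:pos + length], pos + length

def inspect_snmp(payload):
    """Return version, community and PDU type, or None if not SNMPv1/v2c."""
    try:
        tag, body, _ = read_tlv(payload, 0)          # outer SEQUENCE
        vtag, version, pos = read_tlv(body, 0)       # INTEGER version
        ctag, community, pos = read_tlv(body, pos)   # OCTET STRING community
        ptag, _, _ = read_tlv(body, pos)             # context-tagged PDU
    except ValueError:
        return None
    if (tag, vtag, ctag) != (0x30, 0x02, 0x04) or version not in (b"\x00", b"\x01"):
        return None
    return {"version": "v1" if version == b"\x00" else "v2c",
            "community": community,
            "pdu": PDU_NAMES.get(ptag, hex(ptag)),
            "default": DEFAULTS.get(community)}

def flag_defaults(datagrams):
    """datagrams: iterable of (src_ip, udp_payload). Return one alert per default hit."""
    alerts = []
    for src, payload in datagrams:
        info = inspect_snmp(payload)
        if info and info["default"]:
            alerts.append((src, info["pdu"], info["community"].decode(), info["default"]))
    return alerts

def sample(community, pdu_tag):
    """Constructed header-only datagram (empty PDU body), for the demo only."""
    body = b"\x02\x01\x01\x04" + bytes([len(community)]) + community + bytes([pdu_tag, 0])
    return b"\x30" + bytes([len(body)]) + body
```

Because the source address of these requests is spoofed, an alert's `src_ip` identifies the address being impersonated, not the sender.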
 