[ispcp] Fwd: [council] SAC065: SSAC Advisory on DDoS Attacks using the DNS
<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><br><div style=""><br><div>Begin forwarded message:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;"><span style="font-family:'Helvetica'; color:rgba(0, 0, 0, 1.0);"><b>From: </b></span><span style="font-family:'Helvetica';">Bruce Tonkin <<a href="mailto:Bruce.Tonkin@xxxxxxxxxxxxxxxxxx";>Bruce.Tonkin@xxxxxxxxxxxxxxxxxx</a>><br></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;"><span style="font-family:'Helvetica'; color:rgba(0, 0, 0, 1.0);"><b>Subject: </b></span><span style="font-family:'Helvetica';"><b>[council] SAC065: SSAC Advisory on DDoS Attacks using the DNS</b><br></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;"><span style="font-family:'Helvetica'; color:rgba(0, 0, 0, 1.0);"><b>Date: </b></span><span style="font-family:'Helvetica';">February 22, 2014 at 3:47:21 PM CST<br></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;"><span style="font-family:'Helvetica'; color:rgba(0, 0, 0, 1.0);"><b>To: </b></span><span style="font-family:'Helvetica';">"<a href="mailto:council@xxxxxxxxxxxxxx";>council@xxxxxxxxxxxxxx</a>" <<a href="mailto:council@xxxxxxxxxxxxxx";>council@xxxxxxxxxxxxxx</a>><br></span></div><br><div>Hello All,<br><br>Attached is an advisory from SSAC on DDoS attacks:<br><br><br>Specifically, the SSAC strongly recommends that:<br><br>1. ICANN should help facilitate an Internet-wide community effort to reduce the number of open resolvers and networks that allow network spoofing. This effort should involve measurement efforts and outreach.<br><br>2. All network operators should take immediate steps to prevent network address spoofing.<br><br>3. Recursive DNS server operators should take immediate steps to secure open recursive DNS servers.<br><br>4. Authoritative DNS server operators should support efforts to investigate authoritative response rate limiting.<br><br>5. DNS server operators should put in place operational processes to ensure that their DNS software is regularly updated and communicate with their software vendors to keep abreast of the latest developments.<br><br>6. Manufacturers and/or configurators of customer premise networking equipment, including home networking equipment, should take immediate steps to secure these devices and ensure that they are field upgradable when new software is available to fix security vulnerabilities, and aggressively replace the installed base of non-upgradeable devices with upgradeable devices.<br><br>Regards,<br>Bruce Tonkin<br><br></div></blockquote></div></body></html> Attachment:
SAC065 Board Cover Letter 18 February 2014.doc <html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><div class="AppleOriginalContents" style=""><blockquote type="cite"><div></div></blockquote></div></body></html> Attachment:
SAC065 SSAC Advisory on DDoS Attacks Leveraging DNS Infrastructure 18 February 2014.pdf <html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div style=""><blockquote type="cite"><div></div></blockquote></div><br><div apple-content-edited="true"> <br class="Apple-interchange-newline"><span style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; display: inline !important; float: none; ">PHONE: 651-647-6109, FAX: 866-280-2356, WEB: <a href="http://www.haven2.com";>www.haven2.com</a>, HANDLE: OConnorStP (ID for Twitter, Facebook, LinkedIn, etc.)</span> </div> <br></body></html> |