[council] SAC065: SSAC Advisory on DDoS Attacks using the DNS

Bruce Tonkin Bruce.Tonkin at melbourneit.com.au
Sat Feb 22 21:47:21 UTC 2014 

Hello All,

Attached is an advisory from SSAC on DDoS attacks:


Specifically, the SSAC strongly recommends that:

1. ICANN should help facilitate an Internet-wide community effort to reduce the number of open resolvers and networks that allow network spoofing. This effort should involve measurement efforts and outreach.

2. All network operators should take immediate steps to prevent network address spoofing.

3. Recursive DNS server operators should take immediate steps to secure open recursive DNS servers.

4. Authoritative DNS server operators should support efforts to investigate authoritative response rate limiting.

5. DNS server operators should put in place operational processes to ensure that their DNS software is regularly updated and communicate with their software vendors to keep abreast of the latest developments.

6. Manufacturers and/or configurators of customer premise networking equipment, including home networking equipment, should take immediate steps to secure these devices and ensure that they are field upgradable when new software is available to fix security vulnerabilities, and aggressively replace the installed base of non-upgradeable devices with upgradeable devices.

Regards,
Bruce Tonkin

-------------- next part --------------
A non-text attachment was scrubbed...
Name: SAC065 Board Cover Letter 18 February 2014.doc
Type: application/msword
Size: 74752 bytes
Desc: SAC065 Board Cover Letter 18 February 2014.doc
URL: <http://mm.icann.org/pipermail/council/attachments/20140222/e63356d5/SAC065BoardCoverLetter18February2014.doc>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SAC065 SSAC Advisory on DDoS Attacks Leveraging DNS Infrastructure 18 February 2014.pdf
Type: application/pdf
Size: 433125 bytes
Desc: SAC065 SSAC Advisory on DDoS Attacks Leveraging DNS Infrastructure 18 February 2014.pdf
URL: <http://mm.icann.org/pipermail/council/attachments/20140222/e63356d5/SAC065SSACAdvisoryonDDoSAttacksLeveragingDNSInfrastructure18February2014.pdf>

More information about the council mailing list