The fixed Internet access service provided by SFR and Bouygues Telecom was unavailable for several hours last week. Indeed, the DNS (Domain Name System) servers of several operators were affected. "The DNS servers are used by all companies. It's a bit like a telephone directory. They translate the domain name of a website into an IP address to talk to it. So they have a key role as gatekeepers. They are often among the Top 3 critical applications for ISPs," explains Ronan David, head of strategy at Efficient IP.

The inability to connect, for most SFR and Bouygues Telecom customers last Tuesday, results from the fact that you use an operator's DNS servers by default when you subscribe to its fixed Internet access service. However, they could have connected to other DNS servers by configuring the network connection of their box because the DNS servers are always ready to communicate with everyone. And this is their weakness. "Since they are by definition very open, they are also very vulnerable. They are therefore prime targets for hackers," says Ronan David.

This type of aggression is common among ISPs, but SFR and Bouygues Telecom consider it particularly virulent. According to the Dutch DDoS protection organization NBIP, the DDoS (or denial of service) attack has also affected other ISPs in Belgium and the Netherlands. It recorded volumetric peaks of nearly 300 Gbit/s in volume. A level well above the average. Ronan David confirms, "The volume of 89% of DDos DNS attacks is below 50 Gbit/s. Here, it was up to 300 Gbit/s, six times more than usual. This is completely atypical."

This was a reflection attack, for example. "In the case of a DDos type DNS attack by amplification, there is one target, the DNS server, and then there is reflection, which means that other DNS servers are used to amplify the attacks and overwhelm the target server with requests so that it is no longer available," explains Ronan David.

Were other ISPs' DNS servers used to amplify the attack? Were SFR and Bouygues Telecom specifically targeted, or was their failure a collateral damage of a larger operation? Mystery, but this prospect would be daunting for all operators.

Another enigma remains to be solved: who are the attackers? Several hypotheses can be put forward. It could be a rogue gang... Unless the objective was political: to test communications and bring down an Internet gateway. In this case, it could be hostile foreign powers.

 Read the article

Source : 01net

Revolution for the Domain Name System! To maintain the stability of hosted domain names since the introduction of the EDNS standard in 1999, several DNS servers have simply implemented patches. However, since February 1, patches that do not comply with the EDNS update have been removed. This can therefore lead to malfunctions or even the deletion of domain names hosted on these servers.

A tool is available on the DNS Flag Day website to test your domain name. "This change will make most DNS operations slightly more efficient and will also allow operators to deploy new features, including mechanisms to protect against DDoS attacks," says the dedicated site.

 Read the article

Source : Le Monde Informatique

Rezopole sets up a publication service of correspondence between IP and AS. A simple DNS request allows to find the AS and the subnet in which the IP is published!

This new public service is an alternative to the American team-cymru and allows to expose BGP routes seen from Europe. Visit www.rezopole.net/mapping-ip-as to enrich your network scripts! These tools (dig and asdig) are reverted to the public domain on our github! An update is coming…

[French article]

Pour la cinquième année consécutive, l’Agence nationale de la sécurité des systèmes d’information (ANSSI) avec la participation de l’Afnic, analyse la résilience de l’Internet français en étudiant deux protocoles, BGP et DNS.

L’observatoire encourage l’ensemble des acteurs de l’Internet à s’approprier les bonnes pratiques d’ingénierie admises pour les protocoles BGP, DNS, et TLS, et à anticiper la menace que représentent les DDoS. D’autre part, l’observatoire énonce des recommandations. Voir plus de détails ici.

À propos de l'ANSSI

Autorité nationale en matière de sécurité et de défense des systèmes d’information, l’ANSSI constitue un réservoir de compétences qui met son expertise et assiste les administrations et les opérateurs d’importance vitale. Elle est chargée de la promotion des technologies, des systèmes et des savoir-faire nationaux. Elle contribue au développement de la confiance dans le numérique. Le centre de transmission gouvernemental, placé sous l’autorité du SGDSN, assiste l’ANSSI à travers la mise en œuvre les moyens sécurisés de commandement et de liaison nécessaires au président de la République et au Gouvernement.

À propos de l'Afnic

Créée en 1997, l’Afnic (Association Française pour le Nommage Internet en Coopération), est une association à but non lucratif. Désignée par l'État pour gérer les noms de domaine en .fr, elle en assure la promotion auprès des entrepreneurs et des particuliers. Gestionnaire historique du .fr avec plus de 2,9 millions de noms de domaine en .fr à ce jour, elle se positionne également comme fournisseur de solutions techniques et de services de registre : elle accompagne ainsi 14 projets de nouveaux domaines Internet de premier niveau dont le .paris et le .bzh. L’Afnic est implantée à Saint-Quentin en Yvelines : 80 personnes travaillent ainsi à ce bien commun qu’est l’Internet français.