Re: [dns-operations] DNS attacks against FR/BE/NL resolvers of Internet access providers

2020-09-17 Thread Viktor Dukhovni
On Thu, Sep 17, 2020 at 04:14:25PM +0200, Stephane Bortzmeyer wrote:

> On Mon, Sep 14, 2020 at 03:14:59PM +0200,
>  Stephane Bortzmeyer  wrote 
>  a message of 11 lines which said:
> 
> > On 1 and 2 September 2020, several French IAPs (Internet Access
> > Providers), including SFR and Bouygues, were "down". Their DNS
> > resolvers were offline, and it does indeed seem that this was the
> > result of an attack carried out against these resolvers.
> > 
> > https://www.afnic.fr/en/resources/blog/about-the-attack-on-french-isps-dns-resolvers.html
> 
> The warning of ANSSI (the French cybersecurity agency) about recent
> extortion campaigns (with the message from the racketeer)
> 

Does anyone know whether the attack on tutanota.de / tutanota.com is
related, or a coincidence?

[ Light on details: ] https://tutanota.com/blog/posts/ddos-dns-attack/
  https://twitter.com/TutanotaTeam

-- 
Viktor.
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations


Re: [dns-operations] DNS attacks against FR/BE/NL resolvers of Internet access providers

2020-09-17 Thread Stephane Bortzmeyer
On Mon, Sep 14, 2020 at 03:14:59PM +0200,
 Stephane Bortzmeyer  wrote 
 a message of 11 lines which said:

> On 1 and 2 September 2020, several French IAPs (Internet Access
> Providers), including SFR and Bouygues, were "down". Their DNS
> resolvers were offline, and it does indeed seem that this was the
> result of an attack carried out against these resolvers.
> 
> https://www.afnic.fr/en/resources/blog/about-the-attack-on-french-isps-dns-resolvers.html

The warning of ANSSI (the French cybersecurity agency) about recent
extortion campaigns (with the message from the racketeer)




Re: [dns-operations] DNS attacks against FR/BE/NL resolvers of Internet access providers

2020-09-15 Thread Lanlan Pan
Stephane Bortzmeyer wrote on Tue, Sep 15, 2020 at 3:32 PM:

> On Mon, Sep 14, 2020 at 02:54:42PM -0300,
>  Fernando Gont  wrote
>  a message of 19 lines which said:
>
> > Any more details about the attack? e.g., what vectors they used, etc.?
>
> No, they didn't publish any technical details. Like many people, I saw
> the effects (DNS resolution down) but not the causes.
>

Seems like a botnet (local customer's terminal) attack on the ISP?



Re: [dns-operations] DNS attacks against FR/BE/NL resolvers of Internet access providers

2020-09-15 Thread Yasuhiro Orange Morishita / 森下泰宏
Hi Stephane-san,

I've read the article.  I suspect the attack vector is random
subdomain attacks via bad CPEs; they act as open resolvers and
forward queries to the ISP's resolvers.

Possibly, the real target domain name existed and the attackers
tried to take down the auth servers of the domain.

-- Orange

From: Stephane Bortzmeyer 
Subject: [dns-operations] DNS attacks against FR/BE/NL resolvers of Internet access providers
Date: Mon, 14 Sep 2020 15:14:59 +0200

> On 1 and 2 September 2020, several French IAPs (Internet Access
> Providers), including SFR and Bouygues, were "down". Their DNS
> resolvers were offline, and it does indeed seem that this was the
> result of an attack carried out against these resolvers.
> 
> https://www.afnic.fr/en/resources/blog/about-the-attack-on-french-isps-dns-resolvers.html
> 
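A resolver operator can look for the pattern hypothesised in the message above (many never-repeated names under one zone, almost all failing, arriving from customer addresses) in query logs. The following is an added example, not part of the original thread: the log format, thresholds and function names are assumptions, and the sample log is constructed.

```python
import random
import string
from collections import defaultdict

FAIL_RCODES = ("NXDOMAIN", "SERVFAIL")

def constructed_log(seed=1):
    """Constructed sample: 200 random-label queries relayed by three
    customer-side addresses, plus ordinary repeat traffic."""
    rng = random.Random(seed)
    alphabet = string.ascii_lowercase + string.digits
    cpes = ["198.51.100.7", "198.51.100.8", "203.0.113.5"]
    lines = []
    for i in range(200):
        label = "".join(rng.choice(alphabet) for _ in range(12))
        lines.append(f"{cpes[i % 3]} {label}.victim.example NXDOMAIN")
    for i in range(200):
        lines.append(f"192.0.2.{i % 20 + 1} www.shop.example NOERROR")
    return lines

def find_random_subdomain_floods(lines, min_queries=50,
                                 min_unique=0.9, min_failed=0.8):
    """Return {zone: [clients, busiest first]} for zones whose queries are
    almost all distinct names and almost all fail to resolve."""
    zones = defaultdict(lambda: {"n": 0, "names": set(), "failed": 0,
                                 "clients": defaultdict(int)})
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue                      # skip malformed lines
        client, qname, rcode = parts
        labels = qname.rstrip(".").lower().split(".")
        if len(labels) < 3:
            continue                      # no subdomain label to randomise
        # Simplification: zone = last two labels. Real deployments should
        # use the Public Suffix List to find the registered domain.
        z = zones[".".join(labels[-2:])]
        z["n"] += 1
        z["names"].add(".".join(labels))
        z["failed"] += rcode in FAIL_RCODES
        z["clients"][client] += 1
    findings = {}
    for zone, z in zones.items():
        if (z["n"] >= min_queries
                and len(z["names"]) / z["n"] >= min_unique
                and z["failed"] / z["n"] >= min_failed):
            findings[zone] = sorted(z["clients"], key=z["clients"].get,
                                    reverse=True)
    return findings

if __name__ == "__main__":
    print(find_random_subdomain_floods(constructed_log()))
```

The client list returned for a flagged zone identifies the customer addresses relaying the queries, which are the candidates for CPE remediation or per-client rate limiting.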


Re: [dns-operations] DNS attacks against FR/BE/NL resolvers of Internet access providers

2020-09-15 Thread Stephane Bortzmeyer
On Mon, Sep 14, 2020 at 02:54:42PM -0300,
 Fernando Gont  wrote 
 a message of 19 lines which said:

> Any more details about the attack? e.g., what vectors they used, etc.?

No, they didn't publish any technical details. Like many people, I saw
the effects (DNS resolution down) but not the causes.


Re: [dns-operations] DNS attacks against FR/BE/NL resolvers of Internet access providers

2020-09-15 Thread Stephane Bortzmeyer
On Mon, Sep 14, 2020 at 01:23:16PM -0700,
 Damian Menscher  wrote 
 a message of 87 lines which said:

> > There are a great many public resolvers, the best known ones among
> > which are operated by the major US corporations that have cornered
> > a large proportion of Internet services and are often referred to
> > as “GAFA” (from the initials of Google, Amazon, Facebook and
> > Apple), or the “Big Four”.
> 
> 
> Could you please share the IPs for the DNS resolvers operated by Amazon,
> Facebook, and Apple?  I'm trying to determine whether I'm simply unaware of
> those three open recursives (and unable to find them via a search engine),
> or if you're simply spreading FUD for political reasons.

Please have a tea and read again the sentences you quote.



Re: [dns-operations] DNS attacks against FR/BE/NL resolvers of Internet access providers

2020-09-14 Thread Damian Menscher via dns-operations
--- Begin Message ---
You say:

> There are a great many public resolvers, the best known ones among which
> are operated by the major US corporations that have cornered a large
> proportion of Internet services and are often referred to as “GAFA” (from
> the initials of Google, Amazon, Facebook and Apple), or the “Big Four”.


Could you please share the IPs for the DNS resolvers operated by Amazon,
Facebook, and Apple?  I'm trying to determine whether I'm simply unaware of
those three open recursives (and unable to find them via a search engine),
or if you're simply spreading FUD for political reasons.

Operationally, if you can share the victim IPs (and timestamp in UTC) of
the purported attack either publicly or with law enforcement, such attacks
can sometimes be traced.

Damian

On Mon, Sep 14, 2020 at 6:23 AM Stephane Bortzmeyer 
wrote:

> On 1 and 2 September 2020, several French IAPs (Internet Access
> Providers), including SFR and Bouygues, were "down". Their DNS
> resolvers were offline, and it does indeed seem that this was the
> result of an attack carried out against these resolvers.
>
>
> https://www.afnic.fr/en/resources/blog/about-the-attack-on-french-isps-dns-resolvers.html
>
--- End Message ---


Re: [dns-operations] DNS attacks against FR/BE/NL resolvers of Internet access providers

2020-09-14 Thread Keith Mitchell
On 9/14/20 1:54 PM, Fernando Gont wrote:
> On 14/9/20 10:14, Stephane Bortzmeyer wrote:
>> On 1 and 2 September 2020, several French IAPs (Internet Access
>> Providers), including SFR and Bouygues, were "down". Their DNS
>> resolvers were offline, and it does indeed seem that this was the
>> result of an attack carried out against these resolvers.
>>
>> https://www.afnic.fr/en/resources/blog/about-the-attack-on-french-isps-dns-resolvers.html
> 
> Any more details about the attack? e.g., what vectors they used, etc.?

This report also appears to be relevant, if brief:


https://www.nbip.nl/en/news/report-ddos-attacks-the-state-of-affairs-september-2020/

Keith



Re: [dns-operations] DNS attacks against FR/BE/NL resolvers of Internet access providers

2020-09-14 Thread Fernando Gont

On 14/9/20 10:14, Stephane Bortzmeyer wrote:

> On 1 and 2 September 2020, several French IAPs (Internet Access
> Providers), including SFR and Bouygues, were "down". Their DNS
> resolvers were offline, and it does indeed seem that this was the
> result of an attack carried out against these resolvers.
>
> https://www.afnic.fr/en/resources/blog/about-the-attack-on-french-isps-dns-resolvers.html


Any more details about the attack? e.g., what vectors they used, etc.?

Thanks,
--
Fernando Gont
SI6 Networks
e-mail: fg...@si6networks.com
PGP Fingerprint:  31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492






Re: [dns-operations] DNS attacks against FR/BE/NL resolvers of Internet access providers

2020-09-14 Thread Richard Clayton
In message <20200914131459.ga6...@nic.fr>, Stephane Bortzmeyer
 writes

>On 1 and 2 September 2020, several French IAPs (Internet Access
>Providers), including SFR and Bouygues, were "down". Their DNS
>resolvers were offline, and it does indeed seem that this was the
>result of an attack carried out against these resolvers.

it was a DDoS for ransom attack (and they were not alone in being
attacked in this way) ... viz: it was a volumetric attack against the
servers (no particular DNS aspect to it ...)

this has not been especially well documented in the press (most victims have
kept the news to themselves) but small parts of the campaign have been
mentioned from time to time...



-- 
richard   Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary 
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755




[dns-operations] DNS attacks against FR/BE/NL resolvers of Internet access providers

2020-09-14 Thread Stephane Bortzmeyer
On 1 and 2 September 2020, several French IAPs (Internet Access
Providers), including SFR and Bouygues, were "down". Their DNS
resolvers were offline, and it does indeed seem that this was the
result of an attack carried out against these resolvers.

https://www.afnic.fr/en/resources/blog/about-the-attack-on-french-isps-dns-resolvers.html
