DDOS

25 October 2019 at 11:49am

BEREC clarifies that permanent network security measures may be OK

Andrew Cormack
Network Neutrality
DDOS
security
Four years ago, Jisc responded to the Board of European Regulators of Electronic Communications (BEREC) consultation on network neutrality to point out that some security measures cannot just be temporary responses by the victims of attacks, but need to be permanently configured in all networks to prevent them being used for distributed denial of service and other attacks. This applies, in particular, to blocking of spoofed addresses, as recommended by BCP-38.
Read more
31 August 2016 at 2:12pm

Net Neutrality: BCP-38 Seems OK

Andrew Cormack
Net Neutrality
security
DDOS
The Board of European Regulators of Electronic Communications (BEREC) have now released the final version of their net neutrality guidelines, following a public consultation that received nearly half a million responses. These seem to have resulted in clarifications of the draft version, rather than any significant change of policy.
Read more
5 July 2016 at 8:32am

Network Neutrality and Network Security

Andrew Cormack
Network Neutrality
security
DDOS
A new EU law, created earlier this year, requires public network providers to ensure "network neutrality" – roughly, that every packet be treated alike unless there are legitimate reasons not to.
Read more
20 July 2015 at 12:00pm

Network Neutrality and Network Security

Andrew Cormack
network security
Network Neutrality
DDOS
Open Internet Regulation
There's a tension between network neutrality - essentially the principle that a network should be a dumb pipe that treats every packet alike - and network security, which may require some packets to be dropped to protect either the network or its users. Some current attacks simply can't be dealt with by devices at the edge of the network: if a denial of service attack is filling your access link with junk then nothing you do at the far end of that link can help.
Read more
26 June 2014 at 10:10am

Simple ways to improve your DNS resilience and security: #4 Open DNS Resolvers

James Davis
DNS
resolvers
DDOS
nameservers
udp
reflection
amplification
infosec
security
Time to move from the mechanics and policy of DNS replication to a new topic. Within the global DNS there are two roles that a server can play: ones that hold data - nameservers, and ones that fetch that data for clients - resolvers. Nameservers need to provide their data to the entire Internet whereas resolvers serve a small set of client systems.
Read more
25 June 2014 at 2:15pm

Simple ways to improve your DNS resilience and security: #3 TTL and expire timers

James Davis
DNS
Resilience
SOA
expire
TTL
DDOS
So you've designed your redundant architecture and ensured that your data is being replicated across it? All set? Not quite. Within your DNS configuration there are two timers that we frequently see misconfigured -  TTL values and the SOA expire value. Frequently we see these left at default a default of one day (86400 seconds). Whilst these may suit many organisations it's worth taking a closer look to make sure that they match your expectation for your DNS services.
Read more
2 April 2014 at 11:35am

Update on filtering of large ntp packets

James Davis
ntp
filtering
DDOS
infosec
CSIRT
We continue to monitor the effect of the filtering of large ntp packets (> 128 bytes) at the Janet borders. Where people have had concerns we've been working with them to make sure that their work is impacted as little as possible by this measure. The filtering has had a large reduction on the impact to Janet infrastructure but the current filtering limits still allow enough traffic through the Janet border to cause disruption for customers with 100Mb/s, or busy 1Gb/s, connections.
Read more
21 February 2014 at 2:10pm

Limiting ntp traffic on Janet

James Davis
CSIRT
block
ntp
DDOS
The increasing frequency, number and size of ntp based DDoS attacks against Janet connected organisations has at times briefly degraded connectivity to sections of the network. Whilst we are able to react to these attacks as and when they occur, the impact upon our customers can be significant. This situation is far from unique to Janet - ISPs globally are struggling with this issue.
Read more

Seven steps to secure ntp servers from DDoS attacks

James Davis
Thursday, February 13, 2014 - 15:36
ntp
DDOS
DoS
reflection
infosec
Network time protocol (ntp) servers are regularly being used to reflect and amplify spoofed UDP packets towards the target of a DDoS attack. Attacks are growing in size and frequency and sometimes even cause issues for the organisations hosting the reflectors. Servers offering the 'monlist' command are particularly troublesome and can provide a huge amplification affect.
Read more
5 December 2013 at 4:09pm

Simple preparations for DDoS attacks

James Davis
chargen
DNS
CSIRT
security
infosec
DDOS
You can call CSIRT for help   If you suspect that your institution is suffering from a DDoS attack you can call on Janet CSIRT for assistance. We can help you understand and analyse the traffic, and in most cases can work with our network operations centre and transit partners to filter traffic. Where possible we work with other network providers to eliminate the sources of the attack.  
Read more
Subscribe to DDOS