Security Scene: September 2021 Edition
By Adair Thaxton, Internet2 Cyberinfrastructure Security Engineer
Estimated reading time: 2 minutes
Happy September! The trees are starting to turn, and I’m anxiously awaiting the cooler weather. I hope everything is settling down with the new school year!
Anvil published an article about how a malicious DHCP server on the WAN side can take advantage of “smart” routers and be used to exfiltrate data from the LAN. An attacker controlling such a server can use this setup to mount a denial-of-service attack, exfiltrate data, or perform a man-in-the-middle attack. The attacks Anvil demonstrated included advertising more specific subnets and using DHCP options to set static routes or change the default gateway of the “smart” router. Examples of theoretically vulnerable devices include site-to-site VPNs, DVR systems for cameras, HTTP services enabled on routers, and embedded devices. Anvil suggests several mitigations for this, one of which is, of course, filtering based on BCP38/84 recommendations!
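As an added example (not from the Anvil article), here is a small defensive check for the technique described above: it parses the options field of a DHCP OFFER/ACK as a WAN-facing router would see it and flags a router option pointing at an unexpected gateway, or any static-route option (33) or RFC 3442 classless static route option (121). The packet bytes, the option codes' use here and the expected-gateway allowlist are constructed for the example.

```python
"""Flag DHCP option payloads that push routes or an unexpected default gateway."""
import ipaddress

OPT_PAD, OPT_END = 0, 255
OPT_ROUTER = 3             # default gateway handed to the client
OPT_STATIC_ROUTE = 33      # legacy classful static routes
OPT_CLASSLESS_ROUTE = 121  # RFC 3442 classless static routes


def parse_options(payload: bytes) -> dict:
    """Return {option_code: raw_value} from a DHCP options field (magic cookie stripped)."""
    opts, i = {}, 0
    while i < len(payload):
        code = payload[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END or i + 1 >= len(payload):
            break
        length = payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts


def decode_classless_routes(data: bytes) -> list:
    """Decode RFC 3442 entries: prefix length, significant destination octets, router."""
    routes, i = [], 0
    while i + 1 <= len(data):
        plen = data[i]
        n = (plen + 7) // 8                      # number of destination octets present
        dest = data[i + 1:i + 1 + n] + b"\x00" * (4 - n)
        router = data[i + 1 + n:i + 5 + n]
        net = ipaddress.ip_network((int.from_bytes(dest, "big"), plen), strict=False)
        routes.append((str(net), str(ipaddress.ip_address(router))))
        i += 5 + n
    return routes


def audit_offer(payload: bytes, expected_gateways: set) -> list:
    """Return findings worth alerting on; an empty list means nothing suspicious."""
    opts, findings = parse_options(payload), []
    if OPT_ROUTER in opts:
        gw = str(ipaddress.ip_address(opts[OPT_ROUTER][:4]))
        if gw not in expected_gateways:
            findings.append(f"router option sets unexpected gateway {gw}")
    if OPT_STATIC_ROUTE in opts:
        findings.append("option 33 (static route) present")
    for net, via in decode_classless_routes(opts.get(OPT_CLASSLESS_ROUTE, b"")):
        findings.append(f"option 121 pushes route {net} via {via}")
    return findings


# Constructed sample: gateway 198.51.100.1 plus a more specific 192.0.2.0/24 route via it.
SAMPLE = bytes([3, 4, 198, 51, 100, 1]) + bytes([121, 8, 24, 192, 0, 2, 198, 51, 100, 1]) + bytes([255])
```

Run `audit_offer(SAMPLE, {"198.51.100.1"})` to see the injected route reported even though the gateway itself is on the allowlist.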
Yandex recently defended itself against the largest botnet attack on record, at 22 million requests per second. It had seen increasingly large attacks in the preceding month from a new botnet dubbed Mēris. The Mēris botnet was also responsible for the previous record-holder, an attack against Cloudflare in July.
The MANRS organization has a nice article on using Linux shell tools to analyze MRT dumps. The article focuses on the “bgpgrep” tool that is part of the suite, comparing it with “bgpscanner” and “bgpdump” and describing the capabilities it adds. It looks like a really interesting approach to forensic BGP analysis that is more flexible and accessible.