It turns out the US-CERT maintains a list of UDP based amplification attacks and their potential amplification factor (i.e. DNS vs. NTP). It also includes the latest Memcache attacks that have been making the rounds — spoiler: memcache has the greatest potential for abuse.
I’ve gotten tired of Road Runner’s DNS redirection/hijacking service which I opt out of yet it keeps coming back. I decided to do some DNS benchmarking, comparing my assigned ISP name servers against publicly provided DNS such as Google. The results were very surprising. It turns out I have less latency and hops reaching some of the publicly available DNS servers instead of those provided by my ISP (the servers actually resolve lookups faster).
Here’s what I did:
- Download and run DNS Benchmark (Windows or Wine): http://www.grc.com/dns/benchmark.htm
- Add your ISP assigned DNS servers into the DNS benchmark tool for comparison (Windows: ipconfig /all Linux: cat /etc/resolv.conf)
- Load any additional public DNS servers into the tool: publicly provided DNS
- If public DNS is faster, configure your machine for hardcoded DNS (not to pickup from DHCP).
Coincidentally, Symantec has just released their own version of a public DNS that provides malware filtering. You can read The H article here. Symantec’s “secure” DNS servers are 126.96.36.199 and 188.8.131.52
I try to catch the weekly NPR Technology podcast. This week there’s an interesting segment about ICANN, VeriSign and their root nameservers, as well as China’s desire to wrestle control of the internet. You can get the podcast here: http://podcastdownload.npr.org/anon.npr-podcasts/podcast/1019/126006147/npr_126006147.mp3
*You need to advance to 5:00minutes into the podcast for this segment (unless you want to listen about Cuban bloggers)