Information by Bauani

Opinion on Issue(s) Which I, Ahamed Bauani, Think About or Went Through. Other Than That, It Will Have Any Kind of News and Information Which I Think Useful for My Friends and Others in the World -- Ahamed Bauani


Important Information to Readers: This Blog Is No Longer Maintained by Bauani


Please change your bookmark to http://blog.bauani.org/ to get regular updates from Ahamed Bauani, or subscribe to the RSS feed to get updates from Bauani's new blog.

Tuesday, August 19, 2008

Current Bind DNS vulnerability Patches Coming



Patches coming today for DNS vulnerability

By Joe Barr on July 08, 2008 (8:05:22 PM)

Whether you're running Linux, Windows, Cisco, Sun, or other DNS servers, you are at risk from a newly discovered vulnerability. So says Dan Kaminsky, head of penetration testing research at IOActive, who accidentally discovered the DNS "design flaw" earlier this year.

You can check whether the DNS servers you use are vulnerable by clicking the Check My DNS button in the upper right corner of Kaminsky's Web site.

Kaminsky says he made the discovery entirely by accident. When he realized the flaw was a fundamental design flaw that is universal in scope, he called for a summit of security researchers to decide on a course of action. That summit took place on the Microsoft campus on March 31, and out of it a multi-vendor patch solution was developed. Microsoft, Sun, Cisco, Bind, and other firms will be releasing patches for the flaw today. Linux distributions are expected to start providing patches today as well. Debian users already can find Bind patch instructions online.

The problem in general terms is described as insufficient randomness. Vendors have tried to deliver the fix in a way that can't be reverse-engineered to reveal the actual flaw. Full details on the flaw will not be revealed for 30 days, in order to allow system administrators time to evaluate and apply patches to their DNS servers. DNS clients are also at risk, but to a much smaller degree, and the focus at present continues to be on DNS servers.

According to Kaminsky, the rule for applying patches for this flaw should be, "If it recurses, patch it."

Source: http://www.linux.com/feature/141080


Friday, July 25, 2008

Bangla News Site Bangla-News.Net site is Online Again



Bangla News Site Bangla-News.net Is Back Online

After experiencing a recent DDoS attack, the Bangla news site http://www.bangla-news.net/ is now online.

This popular Bangla news site was under attack over the last day, resulting in about 24 hours of downtime; the site is currently back online.

To read about this Attack on Bangla News site http://www.bangla-news.net/, click here

As soon as the attack started, the IT team of Bangla-News.net located and identified the man behind it. Actual downtime was at most 22 minutes. Though the team of engineers blocked the attack, the editor of Bangla-News.Net decided to keep the site offline for the next 24 hours to make the attacker happy. Meanwhile we collected more specific evidence from the incoming data packet source and its owner.

Now Bangla-News.Net has enough evidence to prove the work of the attacker. The owner of the website hasn't yet decided whether they will go to law or warn the attacker to be more careful about their target.

The attacker is a 22-year-old boy studying at a private university in Dhaka, Bangladesh. He promised Bangla-News.Net that he will not do this type of work any more.

At this moment the Bangla news site Bangla-News.Net is online. Anyone can now visit the site by clicking here.

Bangla-News.Net expresses its apology to its readers for taking the site offline for about 24 hours.

Any comments on this article are welcome.

Report by:

Ahamed Bauani
http://www.bauani.org/


Thursday, July 24, 2008

Bangladesh News Site Bangla-News.net is Experiencing DDoS Attack At this Moment




Are you confused or surprised to see this page when you were looking for the news site http://www.bangla-news.net/? I am sure you are. Actually, the Bangla news site http://www.bangla-news.net/ is currently experiencing a DDoS attack.

To prevent this attack, all HTTP requests to bangla-news.net are now redirected to this page. We are now investigating this issue to isolate the source of this attack. The good news is that we already have the DDoS attack launchers' identity and their ISP has been notified.

At this moment we will not say anything more regarding this attack and the action we are going to take against these criminals. More updates on this issue will be posted here very soon.

We are really sorry for the inconvenience you are having due to this type of illegal activity by cyber criminals.

Regards,

Ahamed Bauani
IT Consultant
http://www.bauani.org/



Update: Bangla News Site Bangla-News.Net site is Online Again


Wednesday, March 26, 2008

New Web Robot NaverBot very bad manners



A new web robot/spider is out there, named NaverBot, version 1.0, from NHN Corp. / +82-2-3011-1954 / nhnbot AT naver.com

Have you checked your web log in the last few days? If yes, then you may have noticed a new spider with the footprint "Mozilla/4.0 (compatible; NaverBot/1.0; " and a URL pointing to help.naver.com, where there is not a single English word to read.

Naver.com is one of the big search engines in Korea. This web spider/bot is run by NHN Corporation. Though they claim that this new robot obeys the robots.txt file, I am not convinced.

For the last few weeks, I have kept an eye on this bot and found that it normally ignores the robots.txt file.

Summary of NaverBot:

Name: NaverBot
Current Version: 1.0
Current Agent_String: Mozilla/4.0 (compatible; NaverBot/1.0; http://help.naver.com/delete_main.asp)
Current IP Block Where It Lives: 202.179.176.0-202.179.183.255
Old IP Blocks Found on Different Sites: 220.72.0.0 to 220.87.255.255, 61.78.61.192, 61.78.61.193, 61.78.61.206, 61.78.61.220, 61.78.61.221, 61.78.61.222
Old Agent_String1: Mozilla/4.0 (compatible; NaverBot/1.0; nhnbot@naver.com)
Old Agent_String2: NaverBot-1.0 (NHN Corp. / +82-31-784-1989 / nhnbot@naver.com)

This robot, named NaverBot, has many major errors: no rate limit, multiple requests at a time, etc. When it finds a host with a high-bandwidth web server, you can see how fast it sends requests to the web server. In the last week, I found more than 1000 footprints of this bot!

Suggestions: As this web spider ignores robots.txt, you may ban it via a source address block (202.179.176.0-202.179.183.255) at your router or web server ;)


Anyone here to comment?

I found a blog, http://www.cerkit.com/cerkitBlog/Naverbot+Bad+Korea+Banned.aspx, whose author is really frustrated to find the mess in his log.

Comments Are Welcome..

With Thanks


Ahamed Bauani
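
The checks described in this post, as an added example (not code from the original post): the script scans an access log for the NaverBot agent string, tests whether each source address falls inside the 202.179.176.0-202.179.183.255 block, counts peak requests per second, and checks requested paths against robots.txt. The log lines, the robots.txt content and all function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter
from urllib.robotparser import RobotFileParser

# Address range quoted in the post, collapsed to CIDR for a router or web-server rule.
NAVER_NETS = list(ipaddress.summarize_address_range(
    ipaddress.ip_address("202.179.176.0"), ipaddress.ip_address("202.179.183.255")))
UA = "Mozilla/4.0 (compatible; NaverBot/1.0; http://help.naver.com/delete_main.asp)"
# Combined Log Format: ip, timestamp, request path, user agent.
LOG_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d+ \S+ "[^"]*" "([^"]*)"')

def make_line(ip, sec, path, ua=UA):
    """Build one constructed access-log line (sample data, not a real log)."""
    return (f'{ip} - - [20/Mar/2008:10:15:{sec:02d} +0600] '
            f'"GET {path} HTTP/1.1" 200 512 "-" "{ua}"')

# Constructed inputs: a robots.txt and five log lines.
ROBOTS_TXT = "User-agent: *\nDisallow: /private/\n"
SAMPLE_LOG = "\n".join([
    make_line("202.179.180.45", 1, "/index.html"),
    make_line("202.179.180.45", 1, "/private/a.html"),   # disallowed path
    make_line("202.179.180.45", 1, "/news/1.html"),      # third hit in one second
    make_line("198.51.100.7", 2, "/index.html"),         # NaverBot UA, other network
    make_line("192.0.2.10", 3, "/index.html", "Mozilla/5.0"),  # ordinary visitor
])

def analyze(log_text, robots_txt=ROBOTS_TXT):
    rules = RobotFileParser()
    rules.parse(robots_txt.splitlines())
    per_second, violations, outside = Counter(), [], set()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or "NaverBot" not in m.group(4):
            continue
        ip, stamp, path, _ua = m.groups()
        if not any(ipaddress.ip_address(ip) in net for net in NAVER_NETS):
            outside.add(ip)  # an address-block ban would not stop this client
            continue
        per_second[(ip, stamp)] += 1  # log timestamps have one-second resolution
        if not rules.can_fetch("NaverBot", path):
            violations.append((ip, path))
    return {"cidrs": [str(n) for n in NAVER_NETS],
            "peak_per_second": max(per_second.values(), default=0),
            "robots_violations": violations,
            "outside_block": sorted(outside)}

if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The `cidrs` value is the single prefix to use in a router ACL or web-server deny rule; `outside_block` lists clients sending the NaverBot agent string that a ban on that block alone would miss.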


Monday, March 24, 2008

Denial-of-service attack DoS DDoS Detection and Prevention



What Is a DoS (Denial-of-Service) or DDoS (Distributed Denial-of-Service) Attack? And How Do We Detect and Prevent It?

A denial-of-service (DoS) attack, or distributed denial-of-service (DDoS) attack, is an attempt to make a computer resource unavailable to its intended users. Although the means to, motives for, and targets of a DoS attack may vary, it generally consists of the concerted, malevolent efforts of a person or persons to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely.

One common method of attack involves saturating the target (victim) machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. In general terms, DoS attacks are implemented by:

=> Forcing the targeted computer(s) to reset, or to consume all of its resources so that it can no longer provide its service;

=> Obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.

The CERT (Computer Emergency Readiness Team) defines symptoms of DoS or DDoS attacks to include:

+ Unusually slow network performance
+ Unavailability of a particular web site
+ Inability to access any web site(s)
+ Dramatic increase in the number of spam emails received (mail bomb)

There Are Many Kinds of DoS or DDoS Attack, Characterized by Method, Including:

+ Flooding a network, thereby preventing legitimate network traffic;
+ Disrupting a server by sending more requests than it can possibly handle, thereby preventing access to a service;
+ Preventing a particular individual from accessing a service;
+ Disrupting service to a specific system or person.

Currently, Five Basic Types of DoS or DDoS Attack Are Common on the Internet:

1. consumption of computational resources, such as bandwidth, disk space, or CPU time;
2. disruption of configuration information, such as routing information;
3. disruption of state information, such as unsolicited resetting of TCP sessions;
4. disruption of physical network components.
5. obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.

Some Common DoS or DDoS Attack Type:

==> ICMP floods ***

==> Teardrop attack ***

==> Peer-to-peer attacks ***

==> Application level floods ***

==> Nuke ***

==> Distributed attack ***

==> Reflected attack ***

==> Unintentional attack ***

On prevention and response, including surviving attacks, I will add more in my spare time. In the meantime, you may go through the links below:

Useful Links Related to DoS or DDoS:

=> RFC 4732: Internet Denial-of-Service Considerations
=> How to Prevent Denial of Service Attacks
=> CERT's Guide to DoS Attacks
=> Some Cisco IOS Tips for Internet Service Providers, by Mehmet Suzen


Any idea in your mind? Please add it to the comment section.

Thanks

Ahamed Bauani

HP: +880-1818-BAUANI

-->[*** More Content Is Coming Soon]
