3 research outputs found
The Closed Resolver Project: Measuring the Deployment of Source Address Validation of Inbound Traffic
Source Address Validation (SAV) is a standard aimed at discarding packets
with spoofed source IP addresses. The absence of SAV for outgoing traffic has
been known as a root cause of Distributed Denial-of-Service (DDoS) attacks and
received widespread attention. While less obvious, the absence of inbound
filtering enables an attacker to appear as an internal host of a network and
may reveal valuable information about the network infrastructure. Inbound IP
spoofing may amplify other attack vectors such as DNS cache poisoning or the
recently discovered NXNSAttack. In this paper, we present the preliminary
results of the Closed Resolver Project that aims at mitigating the problem of
inbound IP spoofing. We perform the first Internet-wide active measurement
study to enumerate networks that filter or do not filter incoming packets by
their source address, for both the IPv4 and IPv6 address spaces. To achieve
this, we identify closed and open DNS resolvers that accept spoofed requests
coming from the outside of their network. The proposed method provides the most
complete picture of inbound SAV deployment by network providers. Our
measurements cover over 55 % IPv4 and 27 % IPv6 Autonomous Systems (AS) and
reveal that the great majority of them are fully or partially vulnerable to
inbound spoofing. By identifying dual-stacked DNS resolvers, we additionally
show that inbound filtering is less often deployed for IPv6 than it is for
IPv4. Overall, we discover 13.9 K IPv6 open resolvers that can be exploited for
amplification DDoS attacks - 13 times more than previous work. Furthermore, we
enumerate uncover 4.25 M IPv4 and 103 K IPv6 vulnerable closed resolvers that
could only be detected thanks to our spoofing technique, and that pose a
significant threat when combined with the NXNSAttack.Comment: arXiv admin note: substantial text overlap with arXiv:2002.0044
Buenas prácticas para el despliegue seguro del servicio de correo electrónico
Email is currently one of the services most affected by the security problems that proliferate on both the Internet and in local networks or intranet. Specialists in telematic services have the great challenge of providing an email service that guarantees its stability and availability, as well as minimizing the risks of identity theft, unwanted emails, and so-called spam emails. The objective of this research is to carry out an analysis of the main security problems that proliferate in this service and to describe a set of good practices for a secure configuration and deployment of the email service, which, in turn, contributes to reducing the security problems associated with this service and consequently achieving greater user satisfaction.Actualmente el correo electrónico es uno de los servicios más afectados por los problemas de seguridad que proliferan en la Red, tanto en internet como en redes locales o intranet. Los especialistas en servicios telemáticos de las organizaciones tienen el gran reto de proveer un servicio de correo electrónico que garantice su estabilidad, su disponibilidad y que minimice los riesgos de la suplantación de identidad, los correos no deseados y los llamados correos spam. El objetivo de la presente investigación es realizar un análisis de los principales problemas de seguridad que proliferan en este servicio y describir un conjunto de buenas prácticas para una configuración y un despliegue seguros del servicio de correo electrónico. De esta manera se contribuirá a disminuir los problemas de seguridad asociados a este servicio y por consiguiente una mayor satisfacción de los usuarios