Hello, welcome to the Thursday, August 11, 2020 edition of the Sandsenet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jackstall, Florida.

I wrote a brief piece today about reflective, distributed denial of service attacks, and now

this is an oldie but goody in some ways.

The attacks are taking advantage of DNS.

And the reason I wrote about them isn't because they're new and exciting, but

well, because they're still happening after all these years, one of our honeypots used to be

a reflective amplifier and it continues to be heavily used

along after it stopped responding to any kind of DNS requests.

And while it's not running a DNS server right now, because it would really be useless

as a DNS server, still given all the traffic it receives.

I also use the opportunity to summarize some simple best practices when it comes to DNS.

Not complete, but issues I often see people having problems with.

And let me know if there's anything I should cover in more detail in that respect.

With Blackhead and DefCon happening this week, we do have some announcements of new attacks and

tools during these events.

One interesting tool announced today by Rapid 7 is Defaultinator.

Defaultinator attempts to address a problem that is probably even older than reflective DNS attacks. Defaultinator. Defaultinator attempts to address a problem that is probably even older than reflective DNS attacks default passwords. But for auditors and pen testers, it's sometimes difficult to sort of get a definite list of default passwords. There are several out there that are not complete, that are not well organized.

So defaultinator is trying to fix that.

It's a free service and tool that Rapid 7 makes available now.

Looks like so far they have over 8,000 passwords in their database,

and Kurt Bernhardt with Rapid 7 states that there still needs to be a bit of cleanup happening.

...