U.S. Center for Internet Security Alert Level
GUARDED: indicates a general risk of increased hacking, virus, or other malicious activity.
From the Center for Internet Security, “The potential exists for malicious cyber activities, but no known exploits have been identified, or known exploits have been identified but no significant impact has occurred.”
NXNSAttack Packet Amplification Recursive DNS Server Vulnerabilities
Catalin Cimpanu of Zero Day reports that a vulnerability in DNS software may be used to launch a Distributed Denial of Service (DDoS) attack. The vulnerability was discovered by Israeli researchers. What appears to be happening is that a simple DNS query is answered by a malicious DNS server that is part of the recursive DNS chain. A response that typically contains 2 packets contains over 1,600, and the spike can crash a victim’s server. This is the gist of the stated DDoS attack, commonly referred to as Packet Amplification (PAF). It sounds as if work has been under way for quite some time to patch DNS servers worldwide; it is not uncommon for efforts to mitigate a vulnerability to be carried out before any announcement is made.
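A defender-side check for the amplification described above, as an added example that is not from the original report or from any of the named DNS projects: it counts upstream packets per client query in a resolver log and flags queries far above the normal 2-packet cost. The log format, the query IDs and the 50x threshold are assumptions made for illustration, and the sample records are constructed.

```python
from collections import defaultdict

BASELINE_PACKETS = 2   # packets a normal resolution costs, per the text above
ALERT_FACTOR = 50      # assumed threshold: flag anything above 50x the baseline


def sample_log():
    """Constructed records in a hypothetical format: '<epoch> <query_id> <dir>'.
    'in' = client query received, 'up' = one packet exchanged upstream."""
    log = ["100 q1 in", "100 q1 up", "100 q1 up"]    # normal resolution
    log += ["101 q2 in"] + ["101 q2 up"] * 1620      # amplified resolution
    log += ["garbage line", "102 q3 up"]             # malformed / orphan records
    return log


def upstream_counts(lines):
    """Return ({query_id: upstream packet count}, set of ids seen inbound)."""
    counts, seen_in = defaultdict(int), set()
    for line in lines:
        parts = line.split()
        if len(parts) != 3 or parts[2] not in ("in", "up"):
            continue  # skip malformed records instead of failing
        _, qid, direction = parts
        if direction == "in":
            seen_in.add(qid)
        else:
            counts[qid] += 1
    return dict(counts), seen_in


def find_amplified(lines, baseline=BASELINE_PACKETS, factor=ALERT_FACTOR):
    """List (query_id, packets, amplification) for client queries whose
    upstream packet count exceeds factor * baseline, worst first."""
    counts, seen_in = upstream_counts(lines)
    hits = [(qid, n, n / baseline) for qid, n in counts.items()
            if qid in seen_in and n > factor * baseline]
    return sorted(hits, key=lambda h: h[1], reverse=True)


if __name__ == "__main__":
    for qid, packets, amp in find_amplified(sample_log()):
        print(f"{qid}: {packets} upstream packets, {amp:.0f}x baseline")
```

Upstream packets with no matching client query (q3 in the sample) are counted but never flagged, since no amplification ratio can be attributed to them.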
CVE-2020-8616, CVE-2020-12662, CVE-2020-10995, and CVE-2020-12667
The vulnerability affects most DNS servers worldwide.
Impacted software includes
- ISC BIND (CVE-2020-8616);
- NLnet Labs Unbound (CVE-2020-12662);
- PowerDNS (CVE-2020-10995);
- CZ.NIC Knot Resolver (CVE-2020-12667).
The potential for a Distributed Denial of Service (DDoS) attack.
Incident rather than a breach.
Customer notification is not necessary, as this is not a breach.