SSAC Advisory on DDoS Attacks Leveraging DNS Infrastructure (R-6)
| Date Issued | Document | Reference ID | Current Phase |
|---|---|---|---|
| SSAC Advisory on DDoS Attacks Leveraging DNS Infrastructure (R-6) | SAC065 | CLOSED |
Description:
Manufacturers and/or configurators of customer premise networking equipment, including home networking equipment, should take immediate steps to secure these devices and ensure that they are field upgradable when new software is available to fix security vulnerabilities, and aggressively replacing the installed base of non-upgradeable devices with upgradeable devices. This minimally involves:
a. Ensuring that the default configuration on these devices does not implement an unmanaged open recursive DNS resolver;
b. Providing updates and patches for their equipment to keep the installed base of networking equipment up-to-date to address current security threats, or as a necessary alternative replacing non-updatable equipment with appropriately configured devices;
c. Ensuring that large-scale participants in purchasing of customer premise networking equipment (e.g., ISPs, government procurement, large enterprises) insist that networking equipment meet the standards discussed in this document.
STATUS UPDATES
| Date | Phase | Type | Status Updates |
|---|---|---|---|
