Tech News
News for Admins
Huge DDoS Attack over HTTPS is Discovered and Stopped
The security company Cloudflare has announced that it detected and mitigated a 15.3 million request-per-second (rps) denial of service attack, which the company called "one of the largest HTTPS attacks on record." Although larger attacks have occurred on the open Internet, mounting a DDoS attack over HTTPS encrypted connections requires significantly more resources, which means that the scope of this attack is quite remarkable. According to Cloudflare, the botnet used for the attack consisted of 6,000 unique bots from 1,300 different networks in 112 countries.
In recent years, attackers have begun to employ IoT devices in their botnets, leading to a vast increase in the number of available devices. At the same time, the extortion market has become more lucrative. In a typical scenario, attackers will launch a DDoS attack, then force the network owner to pay a ransom to stop the attack. In this case, Cloudflare was able to thwart the attack using a signature-based approach to analyzing the traffic and stopping requests that appeared to be part of the attack.
For more information, see the blog post (https://blog.cloudflare.com/15m-rps-ddos-attack/) on the Cloudflare website.
Canonical Offering a Beta Version of a Real-Time Kernel
The release of Ubuntu 22.04 (Jammy Jellyfish) has been met with almost universal praise. But the company sees certain use cases and scenarios that could greatly benefit from a real-time kernel. This insight has led Canonical to release a beta version built with the out-of-tree PREEMPT_RT patches included. This release is available for x86_64 and AArch64 hardware and is aimed at industries, such as communication and manufacturing, that place a high priority on low latency.
Dan Lynch, Marketing Director at Intel, said of the new release, "Ubuntu 22.04 LTS's real-time kernel unlocks low-latency use cases for real-time applications like Cloud RAN." Lynch added, "Together with Canonical, we have validated Intel's FlexRAN SDK to enable OpenRAN implementations requiring pre-emptive real-time kernel capabilities to meet 5G latency requirements."
With the PREEMPT_RT patchset, the real-time kernel enables businesses and developers to leverage Ubuntu for extreme latency-dependent use cases and provides deterministic response times to service events. This new release also makes it possible for companies to rely on the same platform. Or, as Radoslaw Adamczyk, Technical Lead at IS-Wireless, says, "Now we have one platform for the whole stack, from bare metal with MAAS to Ubuntu OS, LXD VM, and Microk8s on the edge – tested, validated, verified, and secure."
To gain access to the real-time kernel version of Ubuntu 22.04, you must subscribe to Ubuntu Advantage for Infrastructure (https://ubuntu.com/advantage).
A New Linux Vulnerability Could Provide Root Access to Systems
Dubbed "Nimbuspwn," the vulnerabilities (CVE-2022-29799 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29799) and CVE-2022-29800 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29800)) are located in the networkd-dispatcher daemon that checks for systemd-networkd connection status changes.
According to Microsoft's principal security researcher, Jonathan Bar Or (https://www.linkedin.com/in/jonathan-bar-or-89876474/), "Reviewing the code flow for networkd-dispatcher revealed multiple security concerns, including directory traversal, symlink race, and time-of-check-time-of-use race condition issues, which could be leveraged to elevate privileges and deploy malware or carry out other malicious activities."
Nimbuspwn allows attackers to deploy payloads (such as a root backdoor), and attackers using ransomware can exploit it as a vector for root access to achieve an even greater impact on vulnerable devices.
The one caveat to Nimbuspwn is that attackers would need local access to targeted systems in order to gain any leverage via the vulnerabilities.
Both vulnerabilities have been patched by the networkd-dispatcher maintainer, Clayton Craft. All Linux admins are encouraged to immediately update all of their systems to apply the patch.
Mike Parkin, senior technical engineer at Vulcan Cyber, said of Nimbuspwn, "Any vulnerability that potentially gives an attacker root-level access is problematic. Fortunately, as is common with many open-source projects, patches for this new vulnerability were quickly released."