DDoS Resiliency Report
Company: Example, Inc.
Grade: B (Good)
Scan Date: October 05, 2017
Description: This section shows the results of 15 different potential DDoS checks and detects any potential DrDoS amplification endpoints. The data is collected from non-intrusive scanners and other internet-wide scanners.
This report category has a 4% effect on the total scan score.

Potential DDoS Findings Overview

#       Asset        # of Finding(s)
                     Passed  Info  Warning  Failed
204310  example.com  10      0     3        2
204482  example.org  11      0     2        2

Potential DDoS Findings for example.com (15)

ID Finding Status
2536483

DDOS DNS Single Point of Failure Medium

RFC 2182 (Section 5) states that a domain must have at least 3 nameservers. But if you have 2 name servers, that's enough.
DNSServer: puma.state.example.org Ip: 192.168.16.99
DNSServer: lion.state.example.org Ip: 192.168.16.131
Name Servers are on the Same Subnet
192.168.16.
Having multiple nameservers in the same subnet can cause all your nameservers to be disabled if there is an error in the subnet.
Warning
2536484

DDOS MX Single Point of Failure Medium

You have a single point of failure that can lead to mail being lost if the server is down for a long time:
smtp1.state.example.org
Failed
2536479

DDOS Nameserver Amplification Control

Recursion should be disabled on DNS servers. Also check the DNS 'ANY' request.
Name servers are vulnerable to DDOS.
Ns: puma.state.example.org Status: DNS 'ANY' Request Problem (Received bytes > 100)
Ns: lion.state.example.org Status: DNS 'ANY' Request Problem (Received bytes > 100)
Please check.

Failed
2536470

DDOS UDP Flood

UDP flood is a type of Denial of Service (DoS) attack in which the attacker overwhelms random ports on the targeted host with IP packets containing UDP datagrams.
Open UDP ports were found:
Ip: 10.89.8.8 Ports: 53

Warning
2536476

DDOS Existence of Public Reverse Proxy/Distributed DNS Service Low

An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information. The information either
No public reverse proxy or distributed DNS service detected

Warning
2536471

DDOS Open Ntp Ports

NTP can be used in DDoS attacks because the protocol works over UDP. Therefore, security measures must be taken.
Open NTP ports not found.
Passed
2536472

DDOS NTP Amplification

NTP amplification is a type of Distributed Denial of Service (DDoS) attack in which the attacker exploits publicly accessible Network Time Protocol (NTP) servers to overwhelm the target with User Datagram Protocol (UDP) traffic.
Open NTP monlist not found.
Passed
2536473

DDOS Open BGP Ports

Security measures must be taken against DDoS attacks on open BGP ports.
Open BGP ports not found.
Passed
2536474

DDOS SNMP Reflection

SNMP reflection attacks can generate attack volumes of hundreds of gigabits per second, which can be directed at attack targets from multiple broadband networks. Attacks are sometimes hours in duration, are highly-disruptive to attack targets, and can be very challenging to mitigate.
Open SNMP ports not found.
Passed
2536475

DDOS Threat Intelligence Control

No IP address in use was found in DDoS attacks.
Passed
2536477

DDOS RST control for closed ports

It is recommended that packets coming to closed ports be dropped.
Packets sent to closed ports are dropped.
Passed
2536478

DDOS CMS(Content Management System) WebSite Control

XML-RPC is used for DDOS and brute force attacks. Therefore, necessary precautions must be taken.
No XML-RPC vulnerability found on CMS websites.
Passed
2536480

DDOS DNS Flood

DNS flood is a type of Distributed Denial of Service (DDoS) attack in which the attacker targets one or more Domain Name System (DNS) servers belonging to a given zone, attempting to hamper resolution of resource records of that zone and its sub-zones.
DNS flood control passed.
Passed
2536481

DDOS Ping Flood

Ping flood, also known as ICMP flood, is a common Denial of Service (DoS) attack in which an attacker takes down a victim's computer by overwhelming it with ICMP echo requests, also known as pings.
Ping flood control passed.
Passed
2536482

DDOS ICMP Reflection

Reflective attacks are known as SMURF attacks. The Smurf attack is a distributed denial-of-service attack.
ICMP reflection control passed.
Passed


Potential DDoS Findings for example.org (15)

ID Finding Status
2538697

DDOS MX Single Point of Failure Medium

You have a single point of failure that can lead to mail being lost if the server is down for a long time.
Failed
2538692

DDOS Nameserver Amplification Control

Recursion should be disabled on DNS servers. Also check the DNS 'ANY' request.
Name servers are vulnerable to DDOS.
Ns: ns2.rackspace.com Status: DNS 'ANY' Request Problem (Received bytes > 100)
Ns: ns.rackspace.com Status: DNS 'ANY' Request Problem (Received bytes > 100)
Please check.

Failed
2538689

DDOS Existence of Public Reverse Proxy/Distributed DNS Service Low

An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information. The information either
No public reverse proxy or distributed DNS service detected

Warning
2538694

DDOS Ping Flood

Ping flood, also known as ICMP flood, is a common Denial of Service (DoS) attack in which an attacker takes down a victim's computer by overwhelming it with ICMP echo requests, also known as pings.
IP addresses that respond to ICMP requests were found:
72.3.203.176
72.3.203.182

Warning
2538683

DDOS UDP Flood

UDP flood is a type of Denial of Service (DoS) attack in which the attacker overwhelms random ports on the targeted host with IP packets containing UDP datagrams.
Open UDP ports not found.
Passed
2538684

DDOS Open Ntp Ports

NTP can be used in DDoS attacks because the protocol works over UDP. Therefore, security measures must be taken.
Open NTP ports not found.
Passed
2538685

DDOS NTP Amplification

NTP amplification is a type of Distributed Denial of Service (DDoS) attack in which the attacker exploits publicly accessible Network Time Protocol (NTP) servers to overwhelm the target with User Datagram Protocol (UDP) traffic.
Open NTP monlist not found.
Passed
2538686

DDOS Open BGP Ports

Security measures must be taken against DDoS attacks on open BGP ports.
Open BGP ports not found.
Passed
2538687

DDOS SNMP Reflection

SNMP reflection attacks can generate attack volumes of hundreds of gigabits per second, which can be directed at attack targets from multiple broadband networks. Attacks are sometimes hours in duration, are highly-disruptive to attack targets, and can be very challenging to mitigate.
Open SNMP ports not found.
Passed
2538688

DDOS Threat Intelligence Control

No IP address in use was found in DDoS attacks.
Passed
2538690

DDOS RST control for closed ports

It is recommended that packets coming to closed ports be dropped.
Packets sent to closed ports are dropped.
Passed
2538691

DDOS CMS(Content Management System) WebSite Control

XML-RPC is used for DDOS and brute force attacks. Therefore, necessary precautions must be taken.
No XML-RPC vulnerability found on CMS websites.
Passed
2538693

DDOS DNS Flood

DNS flood is a type of Distributed Denial of Service (DDoS) attack in which the attacker targets one or more Domain Name System (DNS) servers belonging to a given zone, attempting to hamper resolution of resource records of that zone and its sub-zones.
DNS flood control passed.
Passed
2538695

DDOS ICMP Reflection

Reflective attacks are known as SMURF attacks. The Smurf attack is a distributed denial-of-service attack.
ICMP reflection control passed.
Passed
2538696

DDOS DNS Single Point of Failure

RFC 2182 (Section 5) states that a domain must have at least 3 nameservers. But if you have 2 name servers, that's enough.
At least two nameservers were found. The nameservers are also on different subnets:
DNSServer: ns2.rackspace.com Ip: 65.61.188.4
DNSServer: ns.rackspace.com Ip: 69.20.95.4
Passed

