nanog mailing list archives
Sitefinder and DDoS
From: "Howard C. Berkowitz" <hcb () gettcomm com>
Date: Thu, 9 Oct 2003 13:35:17 -0400
Let's assume for a moment that Verisign's wildcards and Sitefinder go back into operation.
Let's also assume someone sets up a popular webpage with malware HTML causing it, perhaps with a time delay, to issue rapid GETs to deliberately nonexistent domains.
What would be the effect on overall Internet traffic patterns if there were one Sitefinder site? (flashback to ARPANET node announcing it had zero cost to any route)
How many Sitefinder nodes would we need to avoid massive single-point congestion?
AFAIK, the issues of distribution of Sitefinder, and even a formal content distribution network, were not discussed. I asked some general questions that touched on this at the ICANN ISSC committee meeting, but I think they were interpreted as directed toward the reliability of the Sitefinder service in operation, rather than potential vulnerabilities it might create.
I am NOT suggesting this simply as an argument against Sitefinder, and I'd like to see engineering analysis of how this vulnerability could be prevented.
Current thread:
- Sitefinder and DDoS Howard C. Berkowitz (Oct 09)
- Re: Sitefinder and DDoS bmanning (Oct 09)
- Message not available
- Re: Sitefinder and DDoS Howard C. Berkowitz (Oct 09)
- Re: Sitefinder and DDoS Petri Helenius (Oct 09)
- Message not available
- Re: Sitefinder and DDoS bmanning (Oct 09)
- <Possible follow-ups>
- Sitefinder and DDoS Howard C. Berkowitz (Oct 09)
- Re: Sitefinder and DDoS Petri Helenius (Oct 09)
- Re: Sitefinder and DDoS Howard C. Berkowitz (Oct 09)
- Re: Sitefinder and DDoS Kee Hinckley (Oct 09)
- Re: Sitefinder and DDoS Petri Helenius (Oct 09)
- Re: Sitefinder and DDoS Bruce Campbell (Oct 10)
- Re: Sitefinder and DDoS Owen DeLong (Oct 10)
- Re: Sitefinder and DDoS Petri Helenius (Oct 09)