Firewall Wizards mailing list archives
Re: Recent Attacks
From: Drew Smith <drew () pctc com>
Date: Wed, 16 Feb 2000 12:02:22 -0800
Michael Cassidy wrote:
> At 4:03 PM -0700 2/12/00, hnd () asu edu wrote:
>
>> hi, I was just wondering that The latest attacks on the popular web sites had only one objective behind it: to bring the web sites and render it useless for the period of attack. If these hackers really do want to create massive scale problems why not hack the root servers?!!!!!!! This will bring down the whole internet.
>
> bringing down a few dot.coms isn't bringing down the net or causing massive problems, especially for those of us that don't think the net is a retail store.
You don't make any sense. Taking out the root nameservers would bring the entire net to its knees. If "those of us that don't think of the internet as a retail store" are those people that have decided that nameservice is useless and that everyone should just memorize IP addresses - count me out. Nameservice is necessary for just about every other service available, and without the root servers, nameservice wouldn't work. No email, no http, no streaming audio, no IRC, no ICQ, nothing. Period. Try and read a little before flaming.

Hoshil: You've got a real and solid question there - what exactly are the maintainers of the root nameservers doing to make certain that this doesn't happen? I remember reading about a "DNS Smurf" attack on Bugtraq - anyone have any idea what's possible to prevent something like this? Is it possible to do some sort of stateful inspection to block this?

Ahh, found the message with the advisory:

<quote>
TESO Security Advisory
02/11/2000

Nameserver traffic amplify (DNS Smurf) and NS Route discovery (DNS Traceroute)

Summary
===================

Nameservers which accept and forward external DNS queries may be abused as traffic amplifiers, exposing a possible threat to network integrity by bandwidth saturation (DNS Smurf).

A "deaf" pseudo nameserver may be used to discover the query chain a DNS query takes through various nameservers, allowing to make a trace-route like route discovery (DNS Traceroute).
</quote>

Anyone have any clue how to protect a nameserver against this? If I'm reading the advisory correctly, misconfigured nameservers are used in a chain to do bandwidth amplification, and this - hurm. Seems like perhaps it's just another denial of service attack, much like smurf, that uses DNS queries as the traffic, and uses misconfigured servers to provide that bandwidth. So, it probably doesn't directly affect the root nameservers, but rather, it's just another form of DoS that COULD be used on them.

The risk is there - anyone have any insider stuff on what's being done?

Cheers,
- Drew.
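Added example (not part of the original post or the TESO advisory): a small audit of a nameserver's query records that flags the condition the advisory summary describes, recursive queries from outside the networks the server is meant to serve being answered, and measures the response-to-query byte ratio per source. The log format, field names, `TRUSTED_NETS` and the 3.0 threshold are assumptions made for illustration, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumption: the networks this nameserver is supposed to resolve for.
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed sample records in a hypothetical format: packet source address,
# recursion-desired flag, whether the server answered, query bytes, response bytes.
SAMPLE_LOG = """\
192.0.2.10 rd=1 answered=1 q=45 r=120
198.51.100.7 rd=1 answered=1 q=40 r=480
198.51.100.7 rd=1 answered=1 q=40 r=500
198.51.100.7 rd=1 answered=1 q=40 r=460
203.0.113.9 rd=1 answered=0 q=42 r=0
203.0.113.20 rd=0 answered=1 q=38 r=90
"""

def parse(line):
    src, *fields = line.split()
    rec = {k: int(v) for k, v in (f.split("=") for f in fields)}
    rec["src"] = ipaddress.ip_address(src)
    return rec

def is_trusted(addr):
    return any(addr in net for net in TRUSTED_NETS)

def audit(log_text, min_ratio=3.0):
    """Per untrusted source: recursive queries that were answered, and bytes out vs. in."""
    stats = defaultdict(lambda: {"queries": 0, "bytes_in": 0, "bytes_out": 0})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse(line)
        # Only externally sourced recursion that the server actually served matters here.
        if is_trusted(rec["src"]) or not (rec["rd"] and rec["answered"]):
            continue
        s = stats[str(rec["src"])]
        s["queries"] += 1
        s["bytes_in"] += rec["q"]
        s["bytes_out"] += rec["r"]
    findings = {}
    for src, s in stats.items():
        ratio = s["bytes_out"] / max(s["bytes_in"], 1)
        findings[src] = {**s, "ratio": round(ratio, 2), "amplifying": ratio >= min_ratio}
    return findings

if __name__ == "__main__":
    for src, finding in audit(SAMPLE_LOG).items():
        print(src, finding)
```

Any source in the result means the server is resolving for addresses outside its trusted networks; because the packet source can be forged, that address is where the larger responses are being delivered.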