Full Disclosure mailing list archives
Re: new dos attack?
From: "Jonathan A. Zdziarski" <jonathan () nuclearelephant com>
Date: Thu, 04 Dec 2003 10:24:49 -0500
Now assuming you are the ISP, is there any way to get all those domains pointed to somewhere else without having to define them all on your name servers? Can't you fax the registrar or something to park them or is this pretty much a really difficult type of attack to fight off?
Spam in its present state doesn't in general (with some exceptions) use a valid return address. They are still being forged which means the DNS queries are for yahoo, aol, and other frequent forgeries. The only real area I can see a lot of potential resolution is with URLs that people click on in emails. In a majority of spams I've seen, however, spammers are still using IP addresses instead of domain names as their goal is to hide as much revealing information as possible to pass them through spam filters [insert rant for Bayesian style filtering]. If they did do this though, I would think that name server caching would significant reduce the number of queries, helping to share the load of the problem. Every customer query to aol.com doesn't hit aol's nameservers (fortunately for AOL)...it hits first the user's local nameserver cache, and second the ISP's cache...with a large company like AOL, it'll also hit the ISP's web/ns inverse cache servers long before it ever touches their actual name servers. Some individuals are coding spam filters that actually perform HTTP gets on the URLs in the spams, in an attempt to DoS the spammers. I would be more concerned about this type of DoS. Jonathan _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Partial Solution to SUID Problems Todd Burroughs (Dec 04)
- Re: Partial Solution to SUID Problems Gino Thomas (Dec 04)
- new dos attack? Geo. (Dec 04)
- Re: new dos attack? Jonathan A. Zdziarski (Dec 04)
- Re: Partial Solution to SUID Problems Ciro (Dec 05)
- Re: Partial Solution to SUID Problems Vladimir Parkhaev (Dec 05)
- Re: Partial Solution to SUID Problems Todd Burroughs (Dec 06)
- Re: Partial Solution to SUID Problems Henning Brauer (Dec 06)
- Re: Partial Solution to SUID Problems Todd Burroughs (Dec 06)
- Re: Partial Solution to SUID Problems Michal Zalewski (Dec 06)
- Re: Partial Solution to SUID Problems Valdis . Kletnieks (Dec 06)
- Re: Partial Solution to SUID Problems Todd Burroughs (Dec 07)
- Re: Partial Solution to SUID Problems Karl DeBisschop (Dec 07)
- Re: Partial Solution to SUID Problems Michal Zalewski (Dec 07)
- new dos attack? Geo. (Dec 04)
- Re: Partial Solution to SUID Problems Gino Thomas (Dec 04)