Full Disclosure mailing list archives
Re: New DDoS attack vector
From: minor float <minor.float () gmail com>
Date: Fri, 20 May 2011 16:06:18 +0200
dear ascii,

On 20 May 2011 15:43, ascii <ascii () katamail com> wrote:
> On 05/20/2011 02:10 PM, minor float wrote:
>> not really, because we have seen that they've used more than one smtp server for this.
>>
>> minor
>
> Dear minor,
>
> the attack you proposed is very stretched and has an extremely low efficiency. What follows is my feeling about the issue and I don't exclude that I could be missing some key concept.
>
> The idea behind well executed DoS attacks is that little resources on the attacker's side cause big disruption on the victim's assets.

sending a spam campaign does not cost millions on today, right?

> This together with the fact that big MTA clusters are likely to use a caching DNS server to speed up lookups and delivery is enough to dismiss your research as largely uninteresting.

please note, that the variable 3rd level bypasses the caching.

> The call about the urgent need of a task-force to face this nasty and dangerous attack, in pure dnsinsky hype style, and the advice to "tighten the rules when registering the domains" make the whole thing hilarious.

imho it's hell about time to do finally something with the point that somebody at the icann accepts the fact to have a profit from the spam domain registration and other such things. you can blame me that i am lame (and this is to all who want to tell that the attack is lame), but instead of bitching on me, try to think seriously about possibilities how to avoid this and other shit that is going on every day. thanks god for all the ppl i've been in touch, we already discussed some other workarounds. if you want to contribute, you're welcome.

> Best quote:
>
> "As we already wrote in this paper, the number of recorded bots during the attack observation was about 14.000 with more than 100.000 spam messages. The target was just one DNS server and only one pre-registered domain was used. The white horse systems were able to disrupt the DNS server operation for more than one day and the efficiency of such attack was very high."
>
> 14.000 bots to take down one DNS server? UMH.

yes, 14.000 bots took down the DNS server. no kidding! consider that bot sends spam messages to multiple MX, and they perform a hell of lookups.

> Cordially,
> Francesco `ascii` Ongaro
> http://www.ush.it/
>
> Original url: http://www.zone-h.org/news/id/4739
> Mirror: http://nopaste.info/848d88a621.html
minor
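The caching point argued in this message (lookups whose third-level label varies never hit a resolver cache) leaves a recognisable trace in DNS query logs. The following is an added example, not part of the original post or of the paper it discusses: a sketch of how a resolver or authoritative-server operator could flag that pattern. The log format, the thresholds, the function names and the two-label parent-domain rule are all assumptions, and the sample data is constructed.

```python
from collections import defaultdict

def parent_domain(qname, labels=2):
    """Return the last `labels` labels of a name, or None if nothing sits below them.
    Assumption: a two-label parent; real deployments need the Public Suffix List."""
    parts = qname.rstrip(".").lower().split(".")
    return ".".join(parts[-labels:]) if len(parts) > labels else None

def flag_cache_bypass(queries, min_queries=20, min_unique_ratio=0.9, min_clients=5):
    """Flag parent domains where nearly every query uses a never-repeated
    subdomain (so no cache can answer it) and many clients are asking.
    `queries` is an iterable of (client_ip, queried_name) pairs."""
    stats = defaultdict(lambda: {"total": 0, "names": set(), "clients": set()})
    for client, qname in queries:
        parent = parent_domain(qname)
        if parent is None:
            continue  # query for the parent itself, not a variable label
        s = stats[parent]
        s["total"] += 1
        s["names"].add(qname.rstrip(".").lower())
        s["clients"].add(client)

    flagged = {}
    for parent, s in stats.items():
        ratio = len(s["names"]) / s["total"]  # 1.0 means every name was unique
        if (s["total"] >= min_queries and ratio >= min_unique_ratio
                and len(s["clients"]) >= min_clients):
            flagged[parent] = (s["total"], round(ratio, 2), len(s["clients"]))
    return flagged

def build_sample():
    """Constructed log: one domain queried with 30 distinct third-level labels
    by 10 clients, and one ordinary domain queried repeatedly for 2 names."""
    queries = []
    for i in range(30):
        queries.append((f"192.0.2.{i % 10 + 1}", f"m{i:04d}.spamdomain.example"))
    for i in range(30):
        queries.append((f"198.51.100.{i % 10 + 1}",
                        ("mail", "www")[i % 2] + ".normal.example"))
    return queries

if __name__ == "__main__":
    for domain, (total, ratio, clients) in flag_cache_bypass(build_sample()).items():
        print(f"{domain}: {total} queries, unique ratio {ratio}, {clients} clients")
```

A domain flagged this way is a candidate for per-domain rate limiting or response-rate limiting on the server that has to answer the uncached queries.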