nanog mailing list archives

Re: Sitefinder and DDoS

From: Bruce Campbell <bc-nanog () vicious dropbear id au>
Date: Fri, 10 Oct 2003 09:41:53 +0200 (CEST)


On Thu, 9 Oct 2003, Kee Hinckley wrote:

At 10:41 PM +0300 10/9/03, Petri Helenius wrote:

With $100M annual revenue at stake, I would be willing to provide
distributed solutions
to this problem if you send me a reasonable fraction of that money.


But can you do it without breaking the assumption that any lookup on
*.TLD will always return the same value as badxxxdomain.TLD?


Well, the problem space is that a wildcard is involved.  Since 1034
indicates that the answer for '*.something' is the same as
'otherwise-unmatched.something', I think this assumption is fairly safe.

The assumption is not safe if the authoritative nameservers for the
underlying zone are not performing according to the DNS specs; ie, they
have synthesised answers that are not from a wildcard (which can be
queried).

--==--
Bruce.

Current thread:

Sitefinder and DDoS Howard C. Berkowitz (Oct 09)
- Re: Sitefinder and DDoS bmanning (Oct 09)
  - Message not available
    - Re: Sitefinder and DDoS Howard C. Berkowitz (Oct 09)
    - Re: Sitefinder and DDoS Petri Helenius (Oct 09)
- <Possible follow-ups>
- Sitefinder and DDoS Howard C. Berkowitz (Oct 09)
  - Re: Sitefinder and DDoS Petri Helenius (Oct 09)
    - Re: Sitefinder and DDoS Howard C. Berkowitz (Oct 09)
    - Re: Sitefinder and DDoS Kee Hinckley (Oct 09)
    - Re: Sitefinder and DDoS Petri Helenius (Oct 09)
    - Re: Sitefinder and DDoS Bruce Campbell (Oct 10)
    - Re: Sitefinder and DDoS Owen DeLong (Oct 10)