nanog mailing list archives
Re: Did Wanadoo, French ISP, block access to SCO?
From: "Stephen J. Wilcox" <steve () telecomplete co uk>
Date: Mon, 2 Feb 2004 00:48:19 +0000 (GMT)
So thats 1-0 to the worm! You could do some real cool things if you were controlling the DNS for a site under a major sustained DDoS, who doesnt the intended victim like.. just fire up an A record and they're gone! ;p Btw I'm seeing www.caldera.com disappear into Level3, seems theyre down. Steve On Sun, 1 Feb 2004, Rubens Kuhl Jr. wrote:
Just drop the www.sco.com DNS record, as they did... this particular worm goes after the URL, not the IP it usually had.nslookup www.sco.com*** can't find www.sco.com: Non-existent domainnslookup www.caldera.comNon-authoritative answer: Name: www.caldera.com Address: 216.250.128.12 Rubens ----- Original Message ----- From: <Valdis.Kletnieks () vt edu> To: "Rubens Kuhl Jr." <rubens () email com> Cc: <hackerwacker () cybermesa com>; <nanog () merit edu> Sent: Sunday, February 01, 2004 9:09 PM Subject: Re: Did Wanadoo, French ISP, block access to SCO? On Sun, 01 Feb 2004 20:00:40 -0200, "Rubens Kuhl Jr." <rubens () email com> said:And by blackholing that IP they've also blackholed www.caldera.com, whichiscurrently not a DDoS target but is also not respondig to requests.Umm,, I'll bite. If www.sco.com and www.caldera.com are on the same IP, how do you create a DDoS that wouldn't take out the Caldera site as well? A sheer-traffic DDoS will hurt both. A synflood will hurt both. The webserver that's listening on port 80 doesn't know which site is being connected to until it actually reads in the HTTP/1.1 headers and looks at the Host: tag - and if there's enough things arriving with 'Host: www.sco.com', it will require some *very* creative filtering/limiting to keep one website working while the other is down....
Current thread:
- Did Wanadoo, French ISP, block access to SCO? Sean Donelan (Feb 01)
- Re: Did Wanadoo, French ISP, block access to SCO? James Edwards (Feb 01)
- Re: Did Wanadoo, French ISP, block access to SCO? Thomas Seyrat (Feb 01)
- Re: Did Wanadoo, French ISP, block access to SCO? Rubens Kuhl Jr. (Feb 01)
- Re: Did Wanadoo, French ISP, block access to SCO? Valdis . Kletnieks (Feb 01)
- Re: Did Wanadoo, French ISP, block access to SCO? Rubens Kuhl Jr. (Feb 01)
- Re: Did Wanadoo, French ISP, block access to SCO? Stephen J. Wilcox (Feb 01)
- Re: Did Wanadoo, French ISP, block access to SCO? Jess Kitchen (Feb 01)
- Re: SCO Petri Helenius (Feb 01)
- Re: SCO Valdis . Kletnieks (Feb 01)
- Re: Did Wanadoo, French ISP, block access to SCO? James Edwards (Feb 01)
- Re: Did Wanadoo, French ISP, block access to SCO? Petri Helenius (Feb 01)
- Re: Did Wanadoo, French ISP, block access to SCO? Randy Bush (Feb 01)
- Re: Did Wanadoo, French ISP, block access to SCO? Petri Helenius (Feb 01)
- <Possible follow-ups>
- RE: Did Wanadoo, French ISP, block access to SCO? CHUNIKHIN Igor FTLD (Feb 01)
- Re: Did Wanadoo, French ISP, block access to SCO? Miquel van Smoorenburg (Feb 02)