Michael Cassidy wrote:
>
> At 4:03 PM -0700 2/12/00, hndat_private wrote:
> >hi,
> >
> >I was just wondering that the latest attacks on the popular web sites had only
> >one objective behind it: to bring the web sites and render it useless for the
> >period of attack. If these hackers really do want to create massive scale
> >problems why not hack the root servers?!!!!!!! This will bring down the whole
> >internet.
>
> bringing down a few dot.coms isn't bringing down the net or causing massive
> problems especially for those of us that don't think the net is a retail
> store.

You don't make any sense. Taking out the root nameservers would bring the entire net to its knees. If "those of us that don't think of the internet as a retail store" are those people that have decided that nameservice is useless and that everyone should just memorize IP addresses - count me out. Nameservice is necessary for just about every other service available, and without the root servers, nameservice wouldn't work. No email, no http, no streaming audio, no IRC, no ICQ, nothing. Period. Try and read a little before flaming.

Hoshil: You've got a real and solid question there - what exactly are the maintainers of the root nameservers doing to make certain that this doesn't happen? I remember reading about a "DNS Smurf" attack on Bugtraq - anyone have any idea what's possible to prevent something like this? Is it possible to do some sort of stateful inspection to block this?

Ahh, found the message with the advisory:

<quote>
TESO Security Advisory
02/11/2000

Nameserver traffic amplify (DNS Smurf) and NS Route discovery (DNS Traceroute)

Summary
===================

Nameservers which accept and forward external DNS queries may be abused
as traffic amplifiers, exposing a possible threat to network integrity
by bandwidth saturation (DNS Smurf).

A "deaf" pseudo nameserver may be used to discover the query chain a
DNS query takes through various nameservers, allowing to make a
traceroute like route discovery (DNS Traceroute).
</quote>

Anyone have any clue how to protect a nameserver against this? If I'm reading the advisory correctly, misconfigured nameservers are used in a chain to do bandwidth amplification, and this - hurm. Seems like perhaps it's just another denial of service attack, much like smurf, that uses DNS queries as the traffic, and uses misconfigured servers to provide that bandwidth. So, it probably doesn't directly affect the root nameservers, but rather, it's just another form of DoS that COULD be used on them. The risk is there - anyone have any insider stuff on what's being done?

Cheers,
- Drew.
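[Added example, not part of the original message or of the TESO advisory.] The advisory's precondition is a nameserver that accepts and forwards external queries, so one server-side control is to recurse only for clients on networks you operate. The sketch below parses the DNS header and applies that policy; the TRUSTED_NETS ranges, the sample_query helper and the decision labels are assumptions made for illustration.

```python
import ipaddress
import struct

# Assumption: networks whose clients may use this server as a recursive resolver.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.0/24")]


def parse_header(packet: bytes):
    """Return (is_query, recursion_desired, qdcount) from the 12-byte DNS header."""
    if len(packet) < 12:
        raise ValueError("short DNS packet")
    _id, flags, qdcount, _an, _ns, _ar = struct.unpack("!6H", packet[:12])
    is_query = (flags & 0x8000) == 0   # QR bit clear means this is a query
    rd = (flags & 0x0100) != 0         # RD bit: client asks us to recurse
    return is_query, rd, qdcount


def decide(src_ip: str, packet: bytes) -> str:
    """Policy decision for one UDP datagram received on port 53."""
    try:
        is_query, rd, qdcount = parse_header(packet)
    except ValueError:
        return "drop"
    if not is_query or qdcount != 1:
        return "drop"                  # unsolicited responses, malformed counts
    addr = ipaddress.ip_address(src_ip)
    if rd and any(addr in net for net in TRUSTED_NETS):
        return "recurse"               # forward on behalf of our own clients
    # Everyone else is answered only from zones we are authoritative for,
    # so the server never forwards a query on behalf of an outside address.
    return "no-recursion"


def sample_query(rd: bool) -> bytes:
    """Constructed sample: an A query for example.com, with or without RD."""
    header = struct.pack("!6H", 0x1234, 0x0100 if rd else 0, 1, 0, 0, 0)
    question = b"\x07example\x03com\x00" + struct.pack("!2H", 1, 1)
    return header + question


if __name__ == "__main__":
    for src in ("10.1.2.3", "203.0.113.9"):
        print(src, decide(src, sample_query(rd=True)))
```

UDP source addresses can be forged, so this check is normally paired with ingress filtering at the network edge.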
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:04:12 PDT