| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: jonathan at nuclearelephant.com (Jonathan A. Zdziarski) Subject: new dos attack? > Now assuming you are the ISP, is there any way to get all those domains > pointed to somewhere else without having to define them all on your name > servers? Can't you fax the registrar or something to park them or is this > pretty much a really difficult type of attack to fight off? Spam in its present state doesn't in general (with some exceptions) use a valid return address. They are still being forged which means the DNS queries are for yahoo, aol, and other frequent forgeries. The only real area I can see a lot of potential resolution is with URLs that people click on in emails. In a majority of spams I've seen, however, spammers are still using IP addresses instead of domain names as their goal is to hide as much revealing information as possible to pass them through spam filters [insert rant for Bayesian style filtering]. If they did do this though, I would think that name server caching would significant reduce the number of queries, helping to share the load of the problem. Every customer query to aol.com doesn't hit aol's nameservers (fortunately for AOL)...it hits first the user's local nameserver cache, and second the ISP's cache...with a large company like AOL, it'll also hit the ISP's web/ns inverse cache servers long before it ever touches their actual name servers. Some individuals are coding spam filters that actually perform HTTP gets on the URLs in the spams, in an attempt to DoS the spammers. I would be more concerned about this type of DoS. Jonathan
Powered by blists - more mailing lists