lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 20 May 2011 15:43:03 +0200
From: ascii <ascii@...amail.com>
To: minor.float@...il.com
Cc: Full-Disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: New DDoS attack vector

On 05/20/2011 02:10 PM, minor float wrote:
> not really, because we have seen that they've used more than one smtp
> server for this.
> minor

Dear minor,

the attack you proposed is very stretched and has an extremely low
efficiency. What follows is my feeling about the issue and I don't
exclude that I could be missing some key concept.

The idea behind well executed DoS attacks is that little resources
on the attacker's side cause big disruption on the victim's assets.

This together with the fact that big MTA clusters are likely to use
a caching DNS server to speed up lookups and delivery is enough to
dismiss your research as largely uninteresting.

The call about the urgent need of a task-force to face this nasty and
dangerous attack, in pure dnsinsky hype style, and the advice to
"tighten the rules when reg­is­ter­ing the domains" make the whole thing
hilarious.

Best quote: "As we already wrote in this paper, the num­ber of recorded
bots dur­ing the attack obser­va­tion was about 14.000 with more than
100.000 spam mes­sages. The tar­get was just one DNS server and only one
pre-​registered domain was used. The white horse sys­tems were able to
dis­rupt the DNS server oper­a­tion for more than one day and the effi­-
ciency of such attack was very high."

14.000 bots to take down one DNS server? UMH.

Cordially,
Francesco `ascii` Ongaro
http://www.ush.it/

Original url: http://www.zone-h.org/news/id/4739
Mirror: http://nopaste.info/848d88a621.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ