[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <EKECJMGPAACGOMIGLJJDMEMHDMAA.geoincidents@getinfo.org>
From: geoincidents at getinfo.org (Geo.)
Subject: new dos attack?
Suppose...
some spammer registers domains called spammer1.com thru spammer999.com and
points them at some small ISP's name servers ns.punynameserver.com and
ns1.punynameserver.com unknown to the isp so there is no dns setup for these
domains.
the spammer then starts doing massive spams where the return address is
something@...mmerXXX.com
this results in millions of dns queries to ns.punynameserver.com and
ns1.punynameserver.com which then check with the root servers who point to
them as authoritave so they query themselves for the domains generating
error message after error message.
Now assuming you are the ISP, is there any way to get all those domains
pointed to somewhere else without having to define them all on your name
servers? Can't you fax the registrar or something to park them or is this
pretty much a really difficult type of attack to fight off?
Geo.
Powered by blists - more mailing lists