Open Source and information security mailing list archives
 
Message-ID: <EKECJMGPAACGOMIGLJJDMEMHDMAA.geoincidents@getinfo.org>
From: geoincidents at getinfo.org (Geo.)
Subject: new dos attack?

Suppose...

some spammer registers domains called spammer1.com thru spammer999.com and
points them at some small ISP's name servers ns.punynameserver.com and
ns1.punynameserver.com unknown to the ISP so there is no DNS setup for these
domains.

the spammer then starts doing massive spams where the return address is
something@...mmerXXX.com

this results in millions of DNS queries to ns.punynameserver.com and
ns1.punynameserver.com which then check with the root servers who point to
them as authoritative so they query themselves for the domains generating
error message after error message.

Now assuming you are the ISP, is there any way to get all those domains
pointed to somewhere else without having to define them all on your name
servers? Can't you fax the registrar or something to park them or is this
pretty much a really difficult type of attack to fight off?

Geo.
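
An added example, not part of the original post: one way the ISP in this scenario could size the problem before contacting the registrar is to tally queries for domains its name servers were never configured to serve. The log lines are constructed in a simplified BIND-style query-log form, and `CONFIGURED_ZONES` and the function names are assumptions.

```python
import re
from collections import Counter

# Zones this server is really configured for (assumed example value).
CONFIGURED_ZONES = {"punynameserver.com"}

# Constructed sample lines, simplified BIND-style query log.
SAMPLE_LOG = """\
client 192.0.2.10#40211: query: spammer1.com IN MX +
client 192.0.2.10#40212: query: spammer1.com IN A +
client 198.51.100.7#5353: query: mail.spammer17.com IN A +
client 203.0.113.4#1024: query: www.punynameserver.com IN A +
client 203.0.113.9#2048: query: spammer1.com IN MX +
client 198.51.100.7#5354: query: spammer999.com IN MX +
"""

QUERY_RE = re.compile(r"client (?:@\S+ )?(\S+?)#\d+.*?: query: (\S+) IN (\S+)")

def zone_for(qname, zones):
    """Return the configured zone containing qname, or None if there is none."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def registered_domain(qname):
    """Naive last-two-labels guess: fine for .com, wrong for e.g. co.uk."""
    return ".".join(qname.lower().rstrip(".").split(".")[-2:])

def lame_delegation_report(log_text, zones, min_queries=1):
    """List (domain, query count, per-type counts) for unconfigured domains."""
    counts, qtypes = Counter(), {}
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line
        _client, qname, qtype = m.groups()
        if zone_for(qname, zones) is None:
            dom = registered_domain(qname)
            counts[dom] += 1
            qtypes.setdefault(dom, Counter())[qtype] += 1
    return [(d, n, dict(qtypes[d]))
            for d, n in counts.most_common() if n >= min_queries]

if __name__ == "__main__":
    for dom, n, types in lame_delegation_report(SAMPLE_LOG, CONFIGURED_ZONES):
        print(f"{dom}\t{n}\t{types}")
```

The resulting list of domains and query volumes is the evidence to attach to a request asking the registrar to change or remove the delegation.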

