
[Full-Disclosure] new dos attack?



Suppose...

some spammer registers domains called spammer1.com thru spammer999.com and
points them at some small ISP's name servers ns.punynameserver.com and
ns1.punynameserver.com unknown to the ISP so there is no DNS setup for these
domains.

the spammer then starts doing massive spams where the return address is
something@spammerXXX.com

this results in millions of DNS queries to ns.punynameserver.com and
ns1.punynameserver.com which then check with the root servers who point to
them as authoritative so they query themselves for the domains generating
error message after error message.

Now assuming you are the ISP, is there any way to get all those domains
pointed to somewhere else without having to define them all on your name
servers? Can't you fax the registrar or something to park them or is this
pretty much a really difficult type of attack to fight off?

Geo.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
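
Added example, not part of the original post: one way the ISP in this scenario could find out which domains have been pointed at its name servers without its knowledge, by counting logged queries for names that no configured zone covers and grouping numbered look-alikes into one family to report to the registrar. The log layout, the served-zone list, the sample lines and all function names are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed data: zones this name server is really configured for.
SERVED_ZONES = {"punynameserver.com", "customer-a.example"}

# Constructed sample in a simplified "client qname qtype" layout; real
# query logs differ per DNS server and need their own line parser.
SAMPLE_LOG = """\
192.0.2.10 spammer1.com MX
192.0.2.11 spammer1.com A
198.51.100.7 spammer2.com MX
198.51.100.7 mail.spammer2.com A
203.0.113.5 spammer2.com MX
203.0.113.9 spammer3.com MX
192.0.2.44 www.customer-a.example A
192.0.2.45 ns.punynameserver.com A
"""

def served_zone(qname, served):
    """Return the configured zone containing qname, or None."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in served:
            return ".".join(labels[i:])
    return None

def unserved_domains(log_text, served, min_queries=2):
    """Count queries per domain that no configured zone covers."""
    counts = Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or served_zone(parts[1], served):
            continue
        # Simplification: treat the last two labels as the registered domain.
        counts[".".join(parts[1].lower().rstrip(".").split(".")[-2:])] += 1
    return {d: n for d, n in counts.items() if n >= min_queries}

def numbered_families(domains):
    """Group names that differ only by a trailing number (spammer1..spammer999)."""
    families = defaultdict(list)
    for domain in sorted(domains):
        name, _, rest = domain.partition(".")
        m = re.fullmatch(r"(.*?)(\d+)", name)
        families[f"{m.group(1)}N.{rest}" if m else domain].append(domain)
    return dict(families)

if __name__ == "__main__":
    hits = unserved_domains(SAMPLE_LOG, SERVED_ZONES)
    print(hits, numbered_families(hits))
```

The resulting family list is the evidence an ISP would attach when asking a registrar to change or remove the delegation.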