Free Republic
Browse · Search		 News/Activism
Topics · Post Article

Skip to comments.

Denial of Service Attack at Internet Root Servers
AP ^ | 22 OCT 2002 | TED BRIDIS

Posted on 10/22/2002 4:54:09 PM PDT by j_tull

click here to read article

Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-67 last
Comment #61 Removed by Moderator
To: toenail
"Sun. We're the invisible dot at the end of dot com. Really. No, really, there's an invisible dot at the end. That's us."

Sound like they're the idiot in dot.com.
62 posted on 10/22/2002 10:18:17 PM PDT by Mike Fieschko
[ Post Reply | Private Reply | To 55 | View Replies]
To: justlurking
DDoS attack

What an opportunity lost ... it ought to have been labelled
M utli
S ource
D enial
O f
S ervice
63 posted on 10/22/2002 10:21:01 PM PDT by Mike Fieschko
[ Post Reply | Private Reply | To 57 | View Replies]
To: justlurking
The actual source of the SYN/ACK is a third-party server responding to a SYN directed to a port on which it is listening, but it's responding to a client port (> 1023) on the victim's IP instead of the IP of the machine that actually sent the original SYN.

It doesn't matter if anything's listening to the destination port on the victim host or not, and it doesn't matter which protocols are supported by anything that happens to be listening on the destination port; the traffic is still arriving at the interface and the system has to look at each packet to decide what to do with it. The effect of this attack is the depletion of bandwidth (stressed routers, dropped packets, etc.) and server resources spent dealing with the bogus traffic.

64 posted on 10/22/2002 10:34:59 PM PDT by dwollmann
[ Post Reply | Private Reply | To 57 | View Replies]
To: MPB
Understood - and your explanation was better than my simple assertion that DNS root-server attacks would not cause "immediate" slow loading of pages from the FR web server. Name associations perk from the bottom-up to root, then back down through the network of Domain Name Servers in a matter of days, usually.
65 posted on 10/23/2002 3:14:07 AM PDT by Cboldt
[ Post Reply | Private Reply | To 31 | View Replies]
To: Yehuda
Got my PADI cert there. GREAT diving!

You must be psychic!! Got my cert as well while I was there!! Isn't it just great?


66 posted on 10/23/2002 4:34:35 AM PDT by unixfox
[ Post Reply | Private Reply | To 59 | View Replies]
To: MPB
Hmm... I would have imagined that the maintainers of the roots would have LONG ago turned if ICMP at the routers.

That surprised me as well. But, in the posting that I referenced, someone was in the process of writing a paper about the vulnerability, so it was already known.

To answer other questions, I could be entirely off my rocker, but I'm fairly certain the roots run just customized *nix of some form, with only DNS doing anything on the machine.

That's what I would expect as well. Of course, you may be able to get a response from other ports at the same IP address, but it's a simple matter to redirect requests to other servers at the firewall/router.

67 posted on 10/23/2002 6:36:01 AM PDT by justlurking
[ Post Reply | Private Reply | To 60 | View Replies]

Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-67 last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search		 News/Activism
Topics · Post Article
FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson