Denial of Service Attack at Internet Root Servers
AP | 22 OCT 2002 | TED BRIDIS
Posted on 10/22/2002 4:54:09 PM PDT by j_tull
Comment #61 Removed by Moderator
To: toenail
"Sun. We're the invisible dot at the end of dot com. Really. No, really, there's an invisible dot at the end. That's us."
Sounds like they're the idiot in dot.com.
To: justlurking
DDoS attack
What an opportunity lost ... it ought to have been labelled
Multi
Source
Denial
Of
Service
To: justlurking
The actual source of the SYN/ACK is a third-party server responding to a SYN directed to a port on which it is listening, but it's responding to a client port (> 1023) on the victim's IP instead of the IP of the machine that actually sent the original SYN.
It doesn't matter if anything's listening to the destination port on the victim host or not, and it doesn't matter which protocols are supported by anything that happens to be listening on the destination port; the traffic is still arriving at the interface and the system has to look at each packet to decide what to do with it. The effect of this attack is the depletion of bandwidth (stressed routers, dropped packets, etc.) and server resources spent dealing with the bogus traffic.
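A defender-side view of the reflected SYN/ACK traffic described in the comment above, as an added example that is not part of the thread: it flags SYN/ACKs arriving at a host that never sent the matching SYN and tallies them per third-party server. The packet tuples, addresses and function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample records (not captured traffic):
# (direction, src_ip, src_port, dst_ip, dst_port, tcp_flags)
VICTIM = "192.0.2.10"
PACKETS = [
    ("out", VICTIM, 40001, "198.51.100.5", 80, "S"),   # victim opens a real connection
    ("in", "198.51.100.5", 80, VICTIM, 40001, "SA"),   # solicited reply, must not be flagged
    ("in", "203.0.113.7", 80, VICTIM, 1025, "SA"),     # no SYN was ever sent for these
    ("in", "203.0.113.7", 80, VICTIM, 1026, "SA"),
    ("in", "203.0.113.9", 179, VICTIM, 3344, "SA"),
    ("in", "203.0.113.9", 179, VICTIM, 80, "SA"),      # destination port is irrelevant
]

def unsolicited_synacks(packets, victim):
    """Count SYN/ACKs per (server_ip, server_port) that match no SYN sent by victim."""
    sent_syns = set()  # (local_port, remote_ip, remote_port) of SYNs the victim sent
    hits = Counter()
    for direction, src, sport, dst, dport, flags in packets:
        if direction == "out" and src == victim and flags == "S":
            sent_syns.add((sport, dst, dport))
        elif direction == "in" and dst == victim and flags == "SA":
            # Entries are kept so a retransmitted SYN/ACK for a real handshake
            # is not miscounted; a long-running monitor would expire them.
            if (dport, src, sport) not in sent_syns:
                hits[(src, sport)] += 1
    return hits

def reflectors_over(hits, threshold):
    """Servers that sent at least `threshold` unsolicited SYN/ACKs, sorted."""
    return sorted(r for r, n in hits.items() if n >= threshold)

if __name__ == "__main__":
    hits = unsolicited_synacks(PACKETS, VICTIM)
    for (ip, port), n in sorted(hits.items()):
        print(f"{ip}:{port} sent {n} unsolicited SYN/ACKs")
```

The addresses flagged this way belong to the third-party servers, not to the machine that sent the original SYNs, so they are a starting point for upstream filtering rather than attribution.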
To: MPB
Understood - and your explanation was better than my simple assertion that DNS root-server attacks would not cause "immediate" slow loading of pages from the FR web server. Name associations perk from the bottom-up to root, then back down through the network of Domain Name Servers in a matter of days, usually.
65 posted on 10/23/2002 3:14:07 AM PDT by Cboldt
To: Yehuda
Got my PADI cert there. GREAT diving! You must be psychic!! Got my cert as well while I was there!! Isn't it just great?
66 posted on 10/23/2002 4:34:35 AM PDT by unixfox
To: MPB
Hmm... I would have imagined that the maintainers of the roots would have LONG ago turned off ICMP at the routers. That surprised me as well. But, in the posting that I referenced, someone was in the process of writing a paper about the vulnerability, so it was already known.
To answer other questions, I could be entirely off my rocker, but I'm fairly certain the roots run just customized *nix of some form, with only DNS doing anything on the machine.
That's what I would expect as well. Of course, you may be able to get a response from other ports at the same IP address, but it's a simple matter to redirect requests to other servers at the firewall/router.