[Dshield] monkeys.com UPL being DDOSed to death

Jon R. Kibler Jon.Kibler at aset.com
Tue Sep 23 22:41:49 GMT 2003

John Hardin wrote:
> On Tue, 2003-09-23 at 13:48, Jon R. Kibler wrote:
> > Greetings to all:
> >
> > I have some really sad news. I just got off the telephone with Ron
> > Guilmette who runs the monkeys.com Unsecured Proxies List DNSBL. I
> > hate to say it, but monkeys.com has been killed. It has been DDOSed to
> > death.
> >
> > This makes two DNSBLs that have been DDOSed to death recently. Which
> > one is next? NJABL? ORDB?
> There has to be a way to eliminate the single-point-of-failure here.
> What if the community sets up a distributed DNS net to serve the DNSRBL
> data? The root server could distribute updates only to secondaries that
> have registered. If there were several hundred secondaries then the zone
> would be harder to kill.
> How many DNS secondaries can one zone be served by?
> I know there are commercial services that provide this. How difficult
> would it be to set up and manage by a community?

I talked to Ron about this type of idea. The problem is not so much a single point of failure as it is the massiveness of the attack. If you have several thousand attackers against one database, having 40 replicates would not do much to thwart an attack of that scale.

There are also the problems of distributing the reporting and testing, and keeping all of that coordinated and in sync.

I am not saying it can't be done... in fact, I would like to see it be done... the only question is how to do it in a reasonable manner, pay for it, etc.

Jon Kibler