[Dshield] monkeys.com UPL being DDOSed to death

John Hardin johnh at aproposretail.com
Wed Sep 24 15:37:02 GMT 2003

On Tue, 2003-09-23 at 17:06, Kenneth Porter wrote:
> --On Tuesday, September 23, 2003 2:51 PM -0700 John Hardin
> <johnh at aproposretail.com> wrote:
> > What if the community sets up a distributed DNS net to serve the DNSRBL
> > data? The root server could distribute updates only to secondaries that
> > have registered. If there were several hundred secondaries then the zone
> > would be harder to kill.
> But if you're DDoS'd, how do you get the zone transfers out to your
> secondaries? I guess you're ok if the DDoS doesn't outlast the zone expiration
> period.

Hopefully you could put rules into your firewall packet filter that
would block DNS queries not from your secondaries.

> Registering to be a secondary should be as easy as filling out a web form and
> shouldn't have any special strings, so that the number of secondaries can be
> high. You probably want a small delay (like an hour) before the secondary is
> authorized to keep the process from being used as a DDoS.

Or an email confirmation. This is kinda what I was envisioning.
*hundreds* of secondaries.

> Secondaries should be publicly listed out-of-band so that they can be used
> without a delegation, in case the nameservers of a parent zone get DDoS'ed.
> For instance, a BIND zone config statement in a text file on a web server,
> easy to paste into one's named.conf.

Not quite as automatic as I'd hoped. I was thinking something like the
root DNS doing rotating redirects/delegations automatically, but I don't
suppose that capability exists. This would load-balance across all the
secondaries automatically.

John Hardin  KA7OHZ                           
Internal Systems Administrator                    voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
  There is no problem that cannot be solved by the appropriate
  application of high explosives.
 42 days until Matrix Revolutions
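The two mechanics the thread sketches, filtering port 53 on the primary down to the registered secondaries and publishing a paste-in zone statement for volunteers, as an added example; this is not code from the list or from any of the posters. Everything in it is hypothetical: the zone name, the addresses (RFC 5737 documentation ranges), the iptables chain name, and the list format of one "address[/prefix] # comment" per line. The script only prints the iptables commands and the named.conf stanza; nothing is applied, so it runs without root.

```shell
#!/bin/sh
# Added example, not from the original thread.
#   gen_rules       - primary side: iptables rules that accept port-53 traffic
#                     only from registered secondaries and drop everyone else
#   gen_zone_stanza - volunteer side: the zone statement to paste into named.conf
# Assumed (hypothetical) zone, addresses, chain name and list format.

ZONE="${ZONE:-dnsbl.example.net}"
PRIMARY_IP="${PRIMARY_IP:-192.0.2.53}"
CHAIN="${CHAIN:-DNSRBL_XFER}"

# Constructed sample of the registered-secondaries list, one entry per line.
SECONDARIES='198.51.100.10   # ns1.volunteer-a.example
198.51.100.11   # ns2.volunteer-a.example
203.0.113.0/28  # volunteer-b block
# 203.0.113.99  # signed up but e-mail confirmation still pending: not authorized
'

# Print the address field of each list line on stdin; skip blanks and comments.
addrs() {
    while read -r addr rest; do
        case "$addr" in ''|'#'*) continue ;; esac
        printf '%s\n' "$addr"
    done
}

# Primary side. Emits iptables commands: a dedicated chain hooked in front of
# INPUT for port 53, ACCEPT per registered secondary (TCP carries AXFR/IXFR,
# UDP the secondaries' SOA refresh queries), then DROP for everything else.
gen_rules() {
    echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
    for proto in tcp udp; do
        # delete any earlier hook first so re-running does not stack duplicates
        echo "iptables -D INPUT -d $PRIMARY_IP -p $proto --dport 53 -j $CHAIN 2>/dev/null"
        echo "iptables -I INPUT 1 -d $PRIMARY_IP -p $proto --dport 53 -j $CHAIN"
    done
    addrs | while read -r a; do
        echo "iptables -A $CHAIN -s $a -p tcp --dport 53 -j ACCEPT"
        echo "iptables -A $CHAIN -s $a -p udp --dport 53 -j ACCEPT"
    done
    echo "iptables -A $CHAIN -p tcp --dport 53 -j DROP"
    echo "iptables -A $CHAIN -p udp --dport 53 -j DROP"
}

# Volunteer side. Emits the named.conf zone statement; arguments are the
# servers to transfer from. "type slave"/"masters" are the BIND 9 keywords of
# the period (newer BIND also accepts "secondary"/"primaries"). The zone is
# answered for anyone, but transfers are refused so the secondary cannot be
# turned into an AXFR amplifier; open allow-transfer if peers may pull from it.
gen_zone_stanza() {
    echo "zone \"$ZONE\" {"
    echo "    type slave;"
    echo "    file \"slave/$ZONE\";"
    printf '    masters {'
    for m in "$@"; do printf ' %s;' "$m"; done
    echo ' };'
    echo "    allow-query { any; };"
    echo "    allow-transfer { none; };"
    echo "};"
}

# Small helpers so the result can be checked rather than only read.
count_accepts() { printf '%s' "$SECONDARIES" | gen_rules | grep -c 'ACCEPT$'; }
count_drops()   { printf '%s' "$SECONDARIES" | gen_rules | grep -c 'DROP$'; }

# Stand-alone use: ./script rules | zone | (nothing) for both.
case "${1:-all}" in
    rules) printf '%s' "$SECONDARIES" | gen_rules ;;
    zone)  gen_zone_stanza "$PRIMARY_IP" ;;
    *)     printf '%s' "$SECONDARIES" | gen_rules; echo; gen_zone_stanza "$PRIMARY_IP" ;;
esac
```

Two caveats a practitioner would add. The host filter only helps while the primary's link still has headroom: a volumetric flood fills the pipe before any packet reaches iptables, so the same allow-list has to be pushed to the upstream provider or border router to matter. And once the primary is unreachable, each secondary keeps answering only until the SOA expire timer runs out, so the expire value in the zone, not the refresh, is what bounds how long an attack can be ridden out.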
