nanog mailing list archives
Re: Sitefinder and DDoS
From: bmanning () karoshi com
Date: Thu, 9 Oct 2003 11:25:09 -0700 (PDT)
Let's assume for a moment that Verisign's wildcards and Sitefinder go back into operation. Let's also assume someone sets up a popular webpage with malware HTML causing it, perhaps with a time delay, to issue rapid GETs to deliberately nonexistent domains. What would be the effect on overall Internet traffic patterns if there were one Sitefinder site? (flashback to ARPANET node announcing it had zero cost to any route) How many Sitefinder nodes would we need to avoid massive single-point congestion?
you may wish to review/examine the AS112 project materials. I used to run the single instance of the authoritative DNS service for RFC 1918 space. We were periodically hammered and discovered an interesting "local" optimization from one vendor who did not respect the "negative-caching" timers. The upshot was that the normal "blow-the-bolts" tactic that usually compartmentalizes failures actually aggrevated the problem. :) The single instance was migrated to the anycast model under the AS112 folks.
I am NOT suggesting this simply as an argument against Sitefinder, and I'd like to see engineering analysis of how this vulnerability could be prevented.
--bill
Current thread:
- Sitefinder and DDoS Howard C. Berkowitz (Oct 09)
- Re: Sitefinder and DDoS bmanning (Oct 09)
- Message not available
- Re: Sitefinder and DDoS Howard C. Berkowitz (Oct 09)
- Re: Sitefinder and DDoS Petri Helenius (Oct 09)
- Message not available
- Re: Sitefinder and DDoS bmanning (Oct 09)
- <Possible follow-ups>
- Sitefinder and DDoS Howard C. Berkowitz (Oct 09)
- Re: Sitefinder and DDoS Petri Helenius (Oct 09)
- Re: Sitefinder and DDoS Howard C. Berkowitz (Oct 09)
- Re: Sitefinder and DDoS Kee Hinckley (Oct 09)
- Re: Sitefinder and DDoS Petri Helenius (Oct 09)
- Re: Sitefinder and DDoS Bruce Campbell (Oct 10)
- Re: Sitefinder and DDoS Owen DeLong (Oct 10)
- Re: Sitefinder and DDoS Petri Helenius (Oct 09)