[4434] in North American Network Operators' Group
Re: New Denial of Service Attack on Panix
daemon@ATHENA.MIT.EDU (Matt Ranney)
Mon Sep 16 22:16:08 1996
From: Matt Ranney <mjr@wacky.eit.com>
To: paul@vix.com (Paul A Vixie)
Date: Mon, 16 Sep 1996 19:01:24 -0700 (PDT)
Cc: c-huegen@quad.quadrunner.com, bass@cactus.silkroad.com, kwe@6sigmanets.com,
nanog@merit.edu, iepg@iepg.org
In-Reply-To: <9609170144.AA12468@wisdom.home.vix.com> from "Paul A Vixie" at Sep 16, 96 06:44:43 pm

Paul A Vixie writes...
>
[...]
> I don't think you can, there's no pattern. You could rotate your server
> address using a very short DNS TTL, though the attacker can follow the
> changes using DNS so this isn't all that useful even if it would be fun.

But if the attacker also followed the changes, then he'd have to be
constantly querying a name server that presumably is somewhat easier
to monitor than some router at some other provider. Although, I guess
a smart attacker would compile a list of thousands of servers that he
could randomly select from that would happily forward the request for
him, so we're back to pretty much the same old random source
problem.

It almost seems like it could be a good idea.
--
Matt Ranney - mjr@eit.com
This is how I sign all my messages.