[62865] in North American Network Operators' Group


Re: monkeys.dom UPL being DDOSed to death

daemon@ATHENA.MIT.EDU (Mike Tancsa)
Tue Sep 23 17:18:20 2003

Date: Tue, 23 Sep 2003 17:16:02 -0400
To: Joe St Sauver <JOE@OREGON.UOREGON.EDU>, jbates@brightok.net
From: Mike Tancsa <mike@sentex.net>
Cc: nanog@merit.edu
In-Reply-To: <01L107U0KTV08WWBP0@OREGON.UOREGON.EDU>
Errors-To: owner-nanog-outgoing@merit.edu



http://www.openrbl.org

is also offline due to a DDoS.


         ---Mike

At 05:04 PM 23/09/2003, Joe St Sauver wrote:

>Hi,
>
>#This goes beyond spam and the resources that many mail servers are
>#using. These attacks are being directed at anti-spam organizations
>#today. Where will they point tomorrow? Many forms of breaking through
>#network security require that a system be DOS'd while the crime is being
>#committed. These machines won't quiet down after the blacklists are shut
>#down. They will keep attacking hosts. For the US market, this is a
>#national security issue. These systems will be exploited to cause havoc
>#among networks of all types and sizes; governmental and commercial.
>
>Note that not all DNSBLs are being effectively hit. DNSBLs which run with
>publicly available zone files are too distributed to be easily taken down,
>particularly if periodic deltas are distributed via cryptographically
>signed Usenet messages (or other "push" channels). You can immunize DNSBLs
>from attack, *provided* that you're willing to publicly distribute the
>contents of those DNSBLs.
>
>And when it comes to dealing with the sources of these attacks, we all
>know that there are *some* networks where security simply isn't any sort of
>priority. (For example, make it a practice to routinely see what ISPs
>consistently show up highly ranked on incident summary sites such as
>http://www.mynetwatchman.com/ ).
>
>Maybe the folks running those networks are overworked and understaffed,
>maybe they have legal constraints that limit what they can do, maybe their
>management just don't care as long as they keep getting paid. Who knows?
>Whatever the reason, no one is willing to depeer them or filter their
>routes, so they really are free to do absolutely *nothing* about
>vulnerable hosts or abusive customers.
>
>There are absolutely *no* consequences to their security inactivity, and
>because of that, none of us should be surprised that the problem is
>becoming a worsening one.
>
>Regards,
>
>Joe St Sauver (joe@oregon.uoregon.edu)
>University of Oregon Computing Center

