[63704] in North American Network Operators' Group

Sitefinder and DDoS

daemon@ATHENA.MIT.EDU (Howard C. Berkowitz)
Thu Oct 9 14:28:59 2003

Date: Thu, 9 Oct 2003 13:35:17 -0400
To: nanog@merit.org
From: "Howard C. Berkowitz" <hcb@gettcomm.com>
Errors-To: owner-nanog-outgoing@merit.edu


Let's assume for a moment that Verisign's wildcards and Sitefinder go 
back into operation.

Let's also assume someone sets up a popular webpage with malware HTML 
causing it, perhaps with a time delay, to issue rapid GETs to 
deliberately nonexistent domains.

What would be the effect on overall Internet traffic patterns if 
there were one Sitefinder site?  (flashback to ARPANET node 
announcing it had zero cost to any route)

How many Sitefinder nodes would we need to avoid massive single-point 
congestion?

AFAIK, the issues of distribution of Sitefinder, and even a formal 
content distribution network, were not discussed. I asked some 
general questions that touched on this at the ICANN ISSC committee 
meeting, but I think they were interpreted as directed toward the 
reliability of the Sitefinder service in operation, rather than 
potential vulnerabilities it might create.

I am NOT suggesting this simply as an argument against Sitefinder, 
and I'd like to see engineering analysis of how this vulnerability 
could be prevented.
