<<<
Chronological Index
>>> <<<
Thread Index
>>>
Re: [ga] Re: [At-Large] Network Solutions Under Large Scale DDoS Attack
- To: Joe Baptista <baptista@xxxxxxxxxxxxxx>
- Subject: Re: [ga] Re: [At-Large] Network Solutions Under Large Scale DDoS Attack
- From: "Jeffrey A. Williams" <jwkckid1@xxxxxxxxxxxxx>
- Date: Sun, 25 Jan 2009 02:37:12 -0800
Dr. Joe and all,
My suggestion was half jest, and half, disgust.
Distributing .Com could be done, but would be more of a
headace that would be worth. Better would be to set up
a sub-zone that can be swithced too. This again would be
a managment overhead problem, but would provide a good
backup capability and if done right could be swapped quickly
to keep the DDos attackers guessing. But what a frustration
to the operators that would be! >:(
I still think my first suggestion on this problem was the best. That
being generally speaking, for NSOL/VRSN to offer some price
roolbacks, a free DN registration day every month, and maybe
throw in a Tote Bag with "Support Barack" or "Support our
Troops" on both sides... >:)
Joe Baptista wrote:
>
>
> On Sun, Jan 25, 2009 at 5:27 PM, Hugh Dierker <hdierker2204@xxxxxxxxx>
> wrote:
>
>
>
Sorry Joe, I guess I was unclear. My question is this: When
this inevitable failure occurs where will we go to get what
we want?
>
>
> You don't get what you want - most likely. A failure in the
> resolution of the .com zone would result in failures in every other
> zone where all the name servers use .com host names. I've tested this
> before and it could be up to 60% of the Internet would be difficult to
> resolve.
>
> cnn.com would go poof - because it exclusively uses aol.com name
> servers. a lot of sites out side .com would also disappear.
>
> So there is really nothing you can do. Maybe Jeffs suggestion to
> visit the ICANN mens room is not so bad an option worth considering
> after all.
>
> Now the way to prevent it is to simply distribute domain name server
> across many hosts using different TLDs. This would make the domain
> less vulnerable but only if the domain was not .com. If it is in the
> .com zone there is nothing you can do - under this sort of attack it
> simply won't resolve.
>
> regards
> joe baptista
>
>
>
>
>
--- On Sun, 1/25/09, Joe Baptista <baptista@xxxxxxxxxxxxxx> wrote:
From: Joe Baptista <baptista@xxxxxxxxxxxxxxx>
Subject: Re: [ga] Re: [At-Large] Network Solutions Under Large Scale
DDoS Attack
To: hdierker2204@xxxxxxxxx
Cc: "At-Large Worldwide" <at-large@xxxxxxxxxxxxxxxxxxxxxxx>, "Ga"
<ga@xxxxxxxxxxxxxx>
Date: Sunday, January 25, 2009, 6:43 AM
On Sun, Jan 25, 2009 at 9:03 AM, Hugh
Dierker <hdierker2204@xxxxxxxxx> wrote:
So then following out your so wisened scenario; What would
we migrate to then?Or would we just go for walks, read
books and watch Network TV shows?
To prevent resolution failure you need name servers having host
names
from zones NOT .com. And this only works for NON .com domains. If
the .com servers are successfully attacked then all of .com is
effected.
The problem is .com is so pervasive in its popularity and so many
name server hosts use .com in their host names that this sort of
attack is inevitable.
regards
joe baptista
--- On Sat, 1/24/09, Joe Baptista <baptista@xxxxxxxxxxxxxx>
wrote:
From: Joe Baptista <baptista@xxxxxxxxxxxxxx>
Subject: [ga] Re: [At-Large] Network Solutions
Under Large Scale DDoS Attack
To: "At-Large Worldwide"
<at-large@xxxxxxxxxxxxxxxxxxxxxxx>
Cc: "Ga" <ga@xxxxxxxxxxxxxx>
Date: Saturday, January 24, 2009, 6:39 PM
On Sat, Jan 24, 2009 at 1:56 PM, John R.
Levine <johnl@xxxxxxxx> wrote:
Hate to say it folks - but I
told you so a long time ago
this was going to
happen. If you want to
attack the Internet - you
don't attack the root
servers - you attack .com
name space. Once .com name
space is offline a lot
of the net just twinkles out
of existence.
Network Solutions is not Verisign, and
hasn't been for about a decade.
Perhaps you might want to update your
bookmarks or something.
Don't bother telling me that - email the
journalist who wrote the article.
The issue here is that a successful attack
against the ..com servers would take out most of
the internet since the technical infrastructure
is so heavily dependent on the the .com zone.
Any dummy should understand that.
It's irrelevant who runs the .com zone - the
problem here is its popularity as a tld label
also makes it vulnerable to attack because so
many name space objects - ns hosts - are
technically dependent on the zone.
The day .com goes off line - and this day is
inevitable - most of the internet will simply
disappear for so many folks. I look forward to
that day - will give me an excuse to take the day
off and enjoy an Internet free day..
regards
joe baptista
--
Joe Baptista
www.publicroot.org
PublicRoot Consortium
----------------------------------------------------------------
The future of the Internet is Open, Transparent,
Inclusive, Representative & Accountable to e
Internet community @large.
----------------------------------------------------------------
Office: +1 (360) 526-6077 (extension 052)
Fax: +1 (509) 479-0084
--
Joe Baptista
www.publicroot.org
PublicRoot Consortium
----------------------------------------------------------------
The future of the Internet is Open, Transparent, Inclusive,
Representative & Accountable to the Internet community @large.
----------------------------------------------------------------
Office: +1 (360) 526-6077 (extension 052)
Fax: +1 (509) 479-0084
>
>
>
>
> --
> Joe Baptista
> www.publicroot.org
> PublicRoot Consortium
> ----------------------------------------------------------------
> The future of the Internet is Open, Transparent, Inclusive,
> Representative & Accountable to the Internet community @large.
> ----------------------------------------------------------------
> Office: +1 (360) 526-6077 (extension 052)
> Fax: +1 (509) 479-0084
>
Regards,
Spokesman for INEGroup LLA. - (Over 284k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
Abraham Lincoln
"YES WE CAN!" Barack ( Berry ) Obama
"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt
"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS.
div. of Information Network Eng. INEG. INC.
ABA member in good standing member ID 01257402 E-Mail
jwkckid1@xxxxxxxxxxxxx
My Phone: 214-244-4827
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|