ICANN/GNSO GNSO Email List Archives

[ga]


<<< Chronological Index >>>    <<< Thread Index >>>

Re: [ga] Re: [At-Large] Network Solutions Under Large Scale DDoS Attack

  • To: Joe Baptista <baptista@xxxxxxxxxxxxxx>
  • Subject: Re: [ga] Re: [At-Large] Network Solutions Under Large Scale DDoS Attack
  • From: "Jeffrey A. Williams" <jwkckid1@xxxxxxxxxxxxx>
  • Date: Sun, 25 Jan 2009 02:37:12 -0800

Dr. Joe and all,

 My suggestion was half jest, and half, disgust.

  Distributing .Com could be done, but would be more of a
headace that would be worth.  Better would be to set up
a sub-zone that can be swithced too.  This again would be
a managment overhead problem, but would provide a good
backup capability and if done right could be swapped quickly
to keep the DDos attackers guessing.  But what a frustration
to the operators that would be!  >:(

  I still think my first suggestion on this problem was the best.  That
being generally speaking, for NSOL/VRSN to offer some price
roolbacks, a free DN registration day every month, and maybe
throw in a Tote Bag with "Support Barack" or "Support our
Troops" on both sides...  >:)

Joe Baptista wrote:

>
>
> On Sun, Jan 25, 2009 at 5:27 PM, Hugh Dierker <hdierker2204@xxxxxxxxx>
> wrote:
>
>
>
       Sorry Joe, I guess I was unclear. My question is this: When
       this inevitable failure occurs where will we go to get what
       we want?
>
>
> You don't get what you want - most likely.  A failure in the
> resolution of the .com zone would result in failures in every other
> zone where all the name servers use .com host names.  I've tested this
> before and it could be up to 60% of the Internet would be difficult to
> resolve.
>
> cnn.com would go poof - because it exclusively uses aol.com name
> servers.  a lot of sites out side .com would also disappear.
>
> So there is really nothing you can do.  Maybe Jeffs suggestion to
> visit the ICANN mens room is not so bad an option worth considering
> after all.
>
> Now the way to prevent it is to simply distribute domain name server
> across many hosts using different TLDs.  This would make the domain
> less vulnerable but only if the domain was not .com.  If it is in the
> .com zone there is nothing you can do - under this sort of attack it
> simply won't resolve.
>
> regards
> joe baptista
>
>
>
>
>


       --- On Sun, 1/25/09, Joe Baptista <baptista@xxxxxxxxxxxxxx> wrote:

            From: Joe Baptista <baptista@xxxxxxxxxxxxxxx>
            Subject: Re: [ga] Re: [At-Large] Network Solutions Under Large Scale
            DDoS Attack
            To: hdierker2204@xxxxxxxxx
            Cc: "At-Large Worldwide" <at-large@xxxxxxxxxxxxxxxxxxxxxxx>, "Ga"
            <ga@xxxxxxxxxxxxxx>
            Date: Sunday, January 25, 2009, 6:43 AM



            On Sun, Jan 25, 2009 at 9:03 AM, Hugh
            Dierker <hdierker2204@xxxxxxxxx> wrote:



                 So then following out your so wisened scenario; What would
                 we migrate to then?Or would we just go for walks, read
                 books and watch Network TV shows?


            To prevent resolution failure you need name servers having host 
names
            from zones NOT .com. And this only works for NON .com domains.  If
            the .com servers are successfully attacked then all of .com is
            effected.

            The problem is .com is so pervasive in its popularity and so many
            name server hosts use .com in their host names that this sort of
            attack is inevitable.

            regards
            joe baptista






                 --- On Sat, 1/24/09, Joe Baptista <baptista@xxxxxxxxxxxxxx>
                 wrote:

                      From: Joe Baptista <baptista@xxxxxxxxxxxxxx>
                      Subject: [ga] Re: [At-Large] Network Solutions
                      Under Large Scale DDoS Attack
                      To: "At-Large Worldwide"
                      <at-large@xxxxxxxxxxxxxxxxxxxxxxx>
                      Cc: "Ga" <ga@xxxxxxxxxxxxxx>
                      Date: Saturday, January 24, 2009, 6:39 PM


                      On Sat, Jan 24, 2009 at 1:56 PM, John R.
                      Levine <johnl@xxxxxxxx> wrote:

                                Hate to say it folks - but I
                                told you so a long time ago
                                this was going to
                                happen.  If you want to
                                attack the Internet - you
                                don't attack the root
                                servers - you attack .com
                                name space.  Once .com name
                                space is offline a lot
                                of the net just twinkles out
                                of existence.

                           Network Solutions is not Verisign, and
                           hasn't been for about a decade.

                           Perhaps you might want to update your
                           bookmarks or something.


                      Don't bother telling me that - email the
                      journalist who wrote the article.

                      The issue here is that a successful attack
                      against the ..com servers would take out most of
                      the internet since the technical infrastructure
                      is so heavily dependent on the the .com zone.
                      Any dummy should understand that.

                      It's irrelevant who runs the .com zone - the
                      problem here is its popularity as a tld label
                      also makes it vulnerable to attack because so
                      many name space objects - ns hosts - are
                      technically dependent on the zone.

                      The day .com goes off line - and this day is
                      inevitable - most of the internet will simply
                      disappear for so many folks.  I look forward to
                      that day - will give me an excuse to take the day
                      off and enjoy an Internet free day..

                      regards
                      joe baptista

                      --
                      Joe Baptista
                      www.publicroot.org
                      PublicRoot Consortium
                      
----------------------------------------------------------------

                      The future of the Internet is Open, Transparent,
                      Inclusive, Representative & Accountable to e
                      Internet community @large.
                      
----------------------------------------------------------------

                       Office: +1 (360) 526-6077 (extension 052)
                          Fax: +1 (509) 479-0084




            --
            Joe Baptista
            www.publicroot.org
            PublicRoot Consortium
            ----------------------------------------------------------------
            The future of the Internet is Open, Transparent, Inclusive,
            Representative & Accountable to the Internet community @large.
            ----------------------------------------------------------------
             Office: +1 (360) 526-6077 (extension 052)
                Fax: +1 (509) 479-0084


>
>
>
>
> --
> Joe Baptista
> www.publicroot.org
> PublicRoot Consortium
> ----------------------------------------------------------------
> The future of the Internet is Open, Transparent, Inclusive,
> Representative & Accountable to the Internet community @large.
> ----------------------------------------------------------------
>  Office: +1 (360) 526-6077 (extension 052)
>     Fax: +1 (509) 479-0084
>

Regards,

Spokesman for INEGroup LLA. - (Over 284k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln
"YES WE CAN!"  Barack ( Berry ) Obama

"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS.
div. of Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402 E-Mail
jwkckid1@xxxxxxxxxxxxx
My Phone: 214-244-4827




<<< Chronological Index >>>    <<< Thread Index >>>