[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Verisign abusing .COM/.NET monopoly, BIND releases new

To: Rainer Gerhards <rgerhards@xxxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] Verisign abusing .COM/.NET monopoly, BIND releases new
From: Michael Renzmann <security@xxxxxxxxxx>
Date: Wed, 17 Sep 2003 13:18:35 +0200

Hi.

Rainer Gerhards wrote:

I think they have underestimated the number
of typos and as such under-powered the machine. A good indication is the
single IP (even though that eventually is a reverse proxy).

I agree.

As a side note: could it be possible to DoS name servers by querying tons of non-existant .net domains? As example, if several users of a DSL provider try to query random and thus most probably non-existing .net domains that now all deliver the afore mentioned IP as result, could it be possible to bring the DNS servers down? I guess not, because those servers should be able to throw away old queries in case a configured memory limit is reached. On the other hand this could cause additional traffic and slower responses for other customers as valid DNS entries have to be re-queried from the DNS-uplinks. Am I right with this?

Bye, Mike

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- [Full-Disclosure] Verisign abusing .COM/.NET - nothing new..
  - From: Roelof Temmingh

References:
- RE: [Full-Disclosure] Verisign abusing .COM/.NET monopoly, BIND releases new
  - From: Rainer Gerhards

Prev by Date: Re: [Full-Disclosure] openssh remote exploit
Next by Date: RE: [Full-Disclosure] Re: [RHSA-2003:279-01] Updated OpenSSH packages fix potential vulnerability
Previous by thread: RE: [Full-Disclosure] Verisign abusing .COM/.NET monopoly, BIND releases new
Next by thread: [Full-Disclosure] Verisign abusing .COM/.NET - nothing new..
Index(es):
- Date
- Thread