North American Network Operators Group


Re: monkeys.dom UPL being DDOSed to death

  • From: Joe St Sauver
  • Date: Tue Sep 23 17:09:29 2003

Hi,

#This goes beyond spam and the resources that many mail servers are 
#using. These attacks are being directed at anti-spam organizations 
#today. Where will they point tomorrow? Many forms of breaking through 
#network security require that a system be DOS'd while the crime is being 
#committed. These machines won't quiet down after the blacklists are shut 
#down. They will keep attacking hosts. For the US market, this is a 
#national security issue. These systems will be exploited to cause havoc 
#among networks of all types and sizes; governmental and commercial.

Note that not all DNSBLs are being effectively hit. DNSBLs which run with
publicly available zone files are too distributed to be easily taken down,
particularly if periodic deltas are distributed via cryptographically 
signed Usenet messages (or other "push" channels). You can immunize DNSBLs
from attack, *provided* that you're willing to publicly distribute the 
contents of those DNSBLs. 

And when it comes to dealing with the sources of these attacks, we all 
know that there are *some* networks where security simply isn't any sort of 
priority. (For example, make it a practice to routinely see what ISPs
consistently show up highly ranked on incident summary sites such as
http://www.mynetwatchman.com/ ).

Maybe the folks running those networks are overworked and understaffed, 
maybe they have legal constraints that limit what they can do, maybe their 
management just don't care as long as they keep getting paid. Who knows? 
Whatever the reason, no one is willing to depeer them or filter their
routes, so they really are free to do absolutely *nothing* about 
vulnerable hosts or abusive customers.

There are absolutely *no* consequences to their security inactivity, and
because of that, none of us should be surprised that the problem is 
becoming a worsening one.

Regards,

Joe St Sauver ([email protected])
University of Oregon Computing Center
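
The distribution model described in the message above (public zone copies kept current by signed deltas), sketched as an added example that is not part of the original post. The `Mirror` type, the `+ip`/`-ip` delta format, the serial numbering and the use of Ed25519 as the signature scheme are all assumptions made for illustration; the sample addresses are constructed.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// Mirror is a local DNSBL copy that answers queries without the origin server.
type Mirror struct {
	Serial uint64
	Listed map[string]bool
	Pub    ed25519.PublicKey // publisher's key, obtained out of band
}

// payload binds the serial to the body so an old delta cannot be replayed.
func payload(serial uint64, body string) []byte {
	b := make([]byte, 8, 8+len(body))
	binary.BigEndian.PutUint64(b, serial)
	return append(b, body...)
}

// Apply checks signature and ordering, then applies "+ip" / "-ip" tokens.
func (m *Mirror) Apply(serial uint64, body string, sig []byte) error {
	if !ed25519.Verify(m.Pub, payload(serial, body), sig) {
		return errors.New("bad signature, delta ignored")
	}
	if serial != m.Serial+1 {
		return fmt.Errorf("serial %d does not follow %d", serial, m.Serial)
	}
	for _, tok := range strings.Fields(body) {
		if strings.HasPrefix(tok, "+") {
			m.Listed[tok[1:]] = true
		} else if strings.HasPrefix(tok, "-") {
			delete(m.Listed, tok[1:])
		}
	}
	m.Serial = serial
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)
	m := &Mirror{Listed: map[string]bool{}, Pub: pub}
	body := "+192.0.2.10 +192.0.2.11" // constructed sample delta
	fmt.Println(m.Apply(1, body, ed25519.Sign(priv, payload(1, body))), m.Listed)
}
```

Because every mirror verifies deltas itself, the push channel carrying them does not need to be trusted, and a forged or replayed delta is dropped without changing the local zone.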