DDoS on Domain Registrar
miller60 writes "Netcraft is reporting that 'domain registrar Joker.com says its nameservers have been hit with a massive DDoS attack, causing outages for customers. More than 550,000 domains are registered with Joker, meaning the outages could be widely felt. It's not clear why the DDoS is succeeding, as most registrars have implemented sturdy DDoS protection since the attack on the root nameserver system back in 2002.' Some security experts have warned in recent weeks about DNS recursion attacks as previously discussed here on Slashdot, which can amplify the power of attacks launched from botnets."
Resist the urge & take action? (Score:2, Insightful)
Next up: can everybody who gets hurt by this attack band together and start a class action suit against this DDoSer? Yeah, IF he gets caught...
We're the internet here, and if this hacker gets found, make an example of him. He should be in deep debt for the rest of his life. THAT'll scare these script idiots...
allow-recursion { none; }; doesn't always help. (Score:3, Insightful)
Fortinets, Ciscos, Junipers all handle a set number of sessions. Some as low as 1500-2000; throw those away when you're talking about a large botnet. Depending on how big the botnet is, and how diverse the attacking blocks are, sometimes there is very little to do other than wait it out. Even with higher end Fortinets that support up to 35k sessions, if you have 100k uniques over 30k blocks
DNS records must remain public in order to resolve anything. Sorry folks, but if the network you pissed off is large enough
Some pretty scary chit, especially if you are the one who gets called to deal with it. If you want to yell at someone about it, take your pick from one of the thousands of shared web hosting providers who provide a nice comfy womb for these networks to grow.
So the next time your host tells you that they've disabled exec(), passthru() and shell_exec() in php for security and restricted access to wget and lynx, go a little easier on them. This is why. They have no control over what their users upload and make available to the world.
Even well hardened servers are easy targets if some jackass uploads phpbb version 1. If any script interpreter can make shell calls, you ought to be checking sockets and connections often.
lsof is your friend; learn how to use it.
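The socket check the comment above recommends, written out as an added example (this is not the commenter's script and not from Joker.com or any vendor named on the page). It takes the output of `lsof -i -n -P` and flags every socket owned by the web-server user where the local side is not one of the ports that user is supposed to serve, i.e. a connection the web server process initiated rather than accepted, which is what a bot dropped through a PHP upload looks like. The `lsof` output embedded below is constructed sample data, and the `WEB_USER` / `SERVICE_PORTS` values are assumptions to adjust for your host.

```sh
#!/bin/sh
# Assumed for this example: the web server runs as www-data and should
# only ever hold sockets on 80 and 443. Adjust both for your box.
WEB_USER=www-data
SERVICE_PORTS="80 443"

# Constructed sample of `lsof -i -n -P` output (not captured from a real host).
# Line 3 is a legitimate inbound HTTP connection; lines 4-5 are what an
# uploaded bot looks like: outbound TCP to an IRC port and outbound UDP
# from a perl process, both running as the web user.
SAMPLE=$(cat <<'EOF'
COMMAND   PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
apache2  1234 www-data    4u  IPv4  12345      0t0  TCP *:80 (LISTEN)
apache2  1235 www-data   12u  IPv4  12350      0t0  TCP 10.0.0.5:80->198.51.100.7:51234 (ESTABLISHED)
php      2001 www-data    3u  IPv4  12400      0t0  TCP 10.0.0.5:43210->203.0.113.9:6667 (ESTABLISHED)
perl     2002 www-data    5u  IPv4  12410      0t0  UDP 10.0.0.5:51000->192.0.2.53:53
named    3000     bind   20u  IPv4  12500      0t0  UDP *:53
EOF
)

# Reads lsof -i -n -P output on stdin, prints one line per socket held by
# WEB_USER whose local port is not a service port (i.e. an outbound or
# ephemeral-port connection the web user should not be making).
flag_outbound() {
    awk -v user="$WEB_USER" -v ports="$SERVICE_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
    NR == 1 { next }                       # skip the lsof header
    $3 != user { next }                    # only the web-server user
    {
        name = $9                          # e.g. 10.0.0.5:43210->203.0.113.9:6667
        if (index(name, "->") == 0) next   # listeners / unconnected UDP
        split(name, ends, "->")
        lp = ends[1]; sub(/.*:/, "", lp)   # local port (works for [::1]:80 too)
        if (lp in ok) next                 # inbound to a port we serve
        printf "%s pid=%s %s %s\n", $1, $2, $8, name
    }'
}

# Run against live data with:  lsof -i -n -P | flag_outbound
# Here we run it over the constructed sample.
printf '%s\n' "$SAMPLE" | flag_outbound
```

On a real host you would cron this and mail yourself anything it prints; a web user with an ESTABLISHED connection to port 6667 is the classic sign of the IRC-controlled bots the comment is talking about. The same filter works on `ss -tunap` output with the column numbers changed.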