Re: DoS attack ?

Eric Brunner-Williams in Portland Maine <brunner@nic-naa.net> Thu, 06 December 2001 17:54 UTC

Return-Path: <ietf-irnss-errors@lists.elistx.com>
Received: from ELIST-DAEMON.eListX.com by eListX.com (PMDF V6.0-025 #44856) id <0GNX00704OE8MB@eListX.com> (original mail from brunner@nic-naa.net); Thu, 06 Dec 2001 12:54:08 -0500 (EST)
Received: from CONVERSION-DAEMON.eListX.com by eListX.com (PMDF V6.0-025 #44856) id <0GNX00701OE6M8@eListX.com> for ietf-irnss@elist.lists.elistx.com (ORCPT ietf-irnss@lists.elistx.com); Thu, 06 Dec 2001 12:54:07 -0500 (EST)
Received: from DIRECTORY-DAEMON.eListX.com by eListX.com (PMDF V6.0-025 #44856) id <0GNX00701OE6M6@eListX.com> for ietf-irnss@elist.lists.elistx.com (ORCPT ietf-irnss@lists.elistx.com); Thu, 06 Dec 2001 12:54:06 -0500 (EST)
Received: from nic-naa.net (216-220-241-232.midmaine.com [216.220.241.232]) by eListX.com (PMDF V6.0-025 #44856) with ESMTP id <0GNX0070JOE5L5@eListX.com> for ietf-irnss@lists.elistx.com; Thu, 06 Dec 2001 12:54:05 -0500 (EST)
Received: from nic-naa.net (localhost.nic-naa.net [127.0.0.1]) by nic-naa.net (8.11.6/8.9.3) with ESMTP id fB6Hpml16717; Thu, 06 Dec 2001 12:51:49 -0500 (EST envelope-from brunner@nic-naa.net)
Date: Thu, 06 Dec 2001 12:51:48 -0500
From: Eric Brunner-Williams in Portland Maine <brunner@nic-naa.net>
Subject: Re: DoS attack ?
In-reply-to: "Your message of Fri, 07 Dec 2001 02:35:29 +0900." <20011207023529.J29209@spsoft.co.kr>
To: YangWoo Ko <newcat@spsoft.co.kr>
Cc: ietf-irnss@lists.elistx.com
Message-id: <200112061751.fB6Hpml16717@nic-naa.net>
MIME-version: 1.0
X-Mailer: exmh version 1.6.9 8/22/96
Content-type: text/plain; charset=us-ascii
List-Owner: <mailto:ietf-irnss-help@lists.elistx.com>
List-Post: <mailto:ietf-irnss@lists.elistx.com>
List-Subscribe: <http://lists.elistx.com/ob/adm.pl>, <mailto:ietf-irnss-request@lists.elistx.com?body=subscribe>
List-Unsubscribe: <http://lists.elistx.com/ob/adm.pl>, <mailto:ietf-irnss-request@lists.elistx.com?body=unsubscribe>
List-Archive: <http://lists.elistx.com/archives/ietf-irnss>
List-Help: <http://lists.elistx.com/elists/admin.shtml>, <mailto:ietf-irnss-request@lists.elistx.com?body=help>
List-Id: <ietf-irnss.lists.elistx.com>

YangWoo,

I wouldn't refer to this as a DoS attack, rather as a mechanism for the
(unauthorized) replication (of some or all) of the store.

It may matter that what amounts to an unauthorized zone transfer ties up
the data flow source node, or its local bandwidth, and that these may be
synchronized across multiple sink nodes to fully consume either host cpu
or subnet i/o resource, but that is only one case (discard-at-sinks) of
resource replication.

We see the latter in data mining against whois servers, and I would expect
that resource capture isn't confined to telemarketers mining for telephone
contact data.

Eric