httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <>
Subject Re: yet another DoS attack (was Re: Bug in URI parsing)
Date Mon, 05 Jan 1998 21:07:50 GMT
Dean Gaudet wrote:
> Oh yeah, also due to negative DNS caching, to set up a full attack against
> check_fulluri() you may need several hundred bogus DNS records.  But that
> doesn't seem to be necessary against my bind-8.1.1 server, I get a 63s
> timeout on every request to

I presume negative DNS caching doesn't cache failure to contact the NS,
only failure of that NS to return a response for the query (or, more
exactly, the NS returning an empty response).



Ben Laurie            |Phone: +44 (181) 735 0686|Apache Group member
Freelance Consultant  |Fax:   +44 (181) 735 0689|
and Technical Director|Email: |Apache-SSL author
A.L. Digital Ltd,     |
London, England.      |"Apache: TDG"

View raw message