httpd-dev mailing list archives

From Ben Laurie <...@algroup.co.uk>
Subject Re: yet another DoS attack (was Re: Bug in URI parsing)
Date Mon, 05 Jan 1998 21:07:50 GMT
Dean Gaudet wrote:
> Oh yeah, also due to negative DNS caching, to set up a full attack against
> check_fulluri() you may need several hundred bogus DNS records.  But that
> doesn't seem to be necessary against my bind-8.1.1 server, I get a 63s
> timeout on every request to dne.arctic.org.

I presume negative DNS caching doesn't cache failure to contact the NS,
only failure of that NS to return a response for the query (or, more
exactly, the NS returning an empty response).

Cheers,

Ben.

-- 
Ben Laurie            |Phone: +44 (181) 735 0686|Apache Group member
Freelance Consultant  |Fax:   +44 (181) 735 0689|http://www.apache.org
and Technical Director|Email: ben@algroup.co.uk |Apache-SSL author
A.L. Digital Ltd,     |http://www.algroup.co.uk/Apache-SSL
London, England.      |"Apache: TDG" http://www.ora.com/catalog/apache
