On TechRepublic: Five super-secret features in Windows 7
BNET Business Network:
BNET
TechRepublic
ZDNet
TalkBack 41 of 41:
« Previous
DNS under attack all the time
The DNS servers live in a denial of service environment at all times. It's not because there are lots of evil hackers trying to kill them all the time, but because millions of misconfigured windows machines make bad requests all the time.

I went to a speech given by the guys who ran the root DNS servers for the USA some years back, and according to them, there were something like 6 or 7 servers in the US, and one of those was hooked up to routers that detected bad requests and sent them to that server just to get a "bad request" reply. Shortly before I heard this speech (4 or 5 years ago???) they had been attacked by a DOS attack, and the increase in bad requests was only a slight blip.

So, because Windows being misconfigured had resulted in a need to harden the DNS infrastructure for years and years, a DOS attack was made pretty much moot.
Posted by: Sxooter_z   Posted on: 02/09/07 You are currently: a Guest | Members login | Terms of Use
Reply to Story Reply to Message

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

Ever wonder why?  Graham Fluet | 02/06/07
Notice, thse servers do NOT run Windows.  DonnieBoy | 02/07/07
Notice these (sic) servers do NOT run Mac OS X Server  Confused by religion | 02/07/07
Stupid Responses  Free_Thinker | 02/07/07
Re: Stupid Responses  Uncle Buck | 02/07/07
My retort was a rebuke to DonnieBoy...  Confused by religion | 02/07/07
Umm...  jjarman | 02/07/07
not so much...  doas777 | 02/07/07
huh? attack doesn't vary but response and ability to handel does!  jjarman | 02/07/07
Thanks. There are some think you could throw up any old OS and it would not  DonnieBoy | 02/07/07
Oh puh-LEEZE!  James T. Kirk | 02/07/07
poor janeway and cisco...  jjarman | 02/07/07
So, in your opinion...  Confused by religion | 02/07/07
Jeez, Milly... it was a joke.  James T. Kirk | 02/07/07
My bad!  Confused by religion | 02/07/07
Excuse me, the OS for a critical part of the internet is VERY important,  DonnieBoy | 02/07/07
I agree.  swoopee | 02/08/07
OSX would make a great server OS for DNS, but there is limited hardware  DonnieBoy | 02/07/07
These servers run...  ehwood | 02/10/07
What the servers run...  Raymond Danner | 02/07/07
o.s. obsession/prejudice  RDrr | 02/07/07
A practice run?  the_doge | 02/07/07
TCP/IP  doas777 | 02/07/07
Practice Run  shealanon@... | 02/07/07
DRDoS  ehwood | 02/10/07
Thank you , Z-Dnet, ...  bob in FL | 02/07/07
CNET is NOT a real-time monitoring site  sfortuna@... | 02/07/07
Michael A. Redwine  michael.redwine@... | 02/07/07
So what is a work around?  LittleGuy | 02/07/07
won't work  doas777 | 02/07/07
Alternate DNS Service?  pj_mouse | 02/07/07
Nope, they too have to get the updated information from the root servers.  DonnieBoy | 02/07/07
...my ISP's DNS has too many problems.  swoopee | 02/08/07
THE SERVER ATTACK COULD BE STOPPED  BALTHOR | 02/07/07
contraversy  doas777 | 02/07/07
The UN could pass a resolution... next year NT  rgranger | 02/07/07
Lordy, lordy...  Mr_Wizard | 02/07/07
Suppose the servers do go down.  interested_amateur@... | 02/07/07
DNS is a distributed system  swoopee | 02/08/07
pretty much  kamahl928 | 02/08/07
DNS under attack all the time  Sxooter_z | 02/09/07

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
advertisement
  • Smart Tech Expert advice on innovations in healthcare and the green technologies that make it happen. Find out more
  • Smart Business Discussion and advice on management issues that revolve around making your world smarter and more useful. More Smart Advice
  • Smart People The best and worst moves in the management and strategy trenches. Learn More