Sitefinder and DDoS
Howard C. Berkowitz
hcb at gettcomm.com
Thu Oct 9 17:35:17 UTC 2003
Let's assume for a moment that Verisign's wildcards and Sitefinder go
back into operation.

Let's also assume someone sets up a popular webpage with malware HTML
causing it, perhaps with a time delay, to issue rapid GETs to
deliberately nonexistent domains.

What would be the effect on overall Internet traffic patterns if
there were one Sitefinder site? (flashback to ARPANET node
announcing it had zero cost to any route)

How many Sitefinder nodes would we need to avoid massive single-point
congestion?

AFAIK, the issues of distribution of Sitefinder, and even a formal
content distribution network, were not discussed. I asked some
general questions that touched on this at the ICANN ISSC committee
meeting, but I think they were interpreted as directed toward the
reliability of the Sitefinder service in operation, rather than
potential vulnerabilities it might create.

I am NOT suggesting this simply as an argument against Sitefinder,
and I'd like to see engineering analysis of how this vulnerability
could be prevented.