Re: [FD] DDos Attack To Drop The Internet

2015-10-08 Thread James Hodgkinson
Given enough bandwidth and a unique idea, anything is possible, it is
true. 

You provided a 2MB text list of DNS servers, approximately 200,000 of
them. They sit across most of the v4 IP ranges available (and some IPv6
ones). This means upstream links won't likely be saturated, and
filtering can likely be done on the server based on heuristics.

If you're going to ask for 100% random non-existent domains you're easy
to beat - if( failed_request() > 99% ) { drop_packet() }. If you're
going to ask for TLDs that exist, they're already cached by anyone
running a half-decent server, and they're going to send you elsewhere.
You might cause issues for individual downstream ranges as people get
heavy-handed with filtering, but you've included Google's servers in
there and I'm guessing the roots are there too. They're anycast and
backed by some crazy bandwidth.

Of course it might work once, for a short time, but you've just told
some spectacular engineers out there to think about this problem, and
they've definitely already considered it ;) 

James

On Tue, 6 Oct 2015, at 01:39, Jeffrey Roberts wrote:
> If you were to have a botnet which were to flood random DNS queries
> for domains that did not exist to the list of DNS servers hosted on
> http://public-dns.tk/nameservers-all.txt then the root dns servers and
> the tld dns servers would be overwhelmed without any way to filter the
> packets, if they were to filter the packets of the DNS servers, they
> themselves would be turning off DNS, hence they can not do that... If
> the botnet only hits the DNS servers on the list a few times,
> filtering those packets would be insignificant. This attack should in
> essence turn off DNS for the world, hence, turning off the internet as
> the public knows it today.
> 
> -- 
> - Jeff
> 

___
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
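
The filtering heuristic from the reply above (`if( failed_request() > 99% ) { drop_packet() }`), sketched as an added example that is not part of the original thread: a per-source sliding window of response codes, with a minimum sample size so that one mistyped name does not get a client dropped. The class and function names, the window and sample sizes, and the traffic are constructed for illustration.

```python
from collections import defaultdict, deque


class NxRatioFilter:
    """Per-source sliding window of query outcomes (hypothetical helper)."""

    def __init__(self, threshold=0.99, window=200, min_samples=50):
        self.threshold = threshold      # failure ratio above which we drop
        self.min_samples = min_samples  # do not judge a source on a few queries
        self.history = defaultdict(lambda: deque(maxlen=window))

    def observe(self, src, rcode):
        """Record the outcome of a query that was answered."""
        self.history[src].append(rcode == "NXDOMAIN")

    def should_drop(self, src):
        """True once the source's failure ratio exceeds the threshold."""
        seen = self.history[src]
        if len(seen) < self.min_samples:
            return False
        return sum(seen) / len(seen) > self.threshold


def replay(events, flt):
    """Run (src, rcode) events through the filter; count answered/dropped."""
    stats = defaultdict(lambda: {"answered": 0, "dropped": 0})
    for src, rcode in events:
        if flt.should_drop(src):
            # Sketch only: a deployment would expire this decision after a while.
            stats[src]["dropped"] += 1
            continue
        flt.observe(src, rcode)
        stats[src]["answered"] += 1
    return dict(stats)


def sample_events():
    """Constructed traffic from documentation address ranges."""
    events = []
    for i in range(300):
        # Source asking only for names that do not exist.
        events.append(("192.0.2.10", "NXDOMAIN"))
        # Ordinary resolver client: an occasional typo, otherwise valid names.
        events.append(("198.51.100.7", "NXDOMAIN" if i % 20 == 0 else "NOERROR"))
    return events


if __name__ == "__main__":
    for src, counts in replay(sample_events(), NxRatioFilter()).items():
        print(src, counts)
```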


Re: [FD] Java 8u40 released: why?

2015-03-09 Thread James Hodgkinson
Nick,

Nowhere in the quoted text or my comments did it say it was a forced option, 
only that it “appeared” in the update; this thread started with questions as to 
whether there were any actual changes with the version bump, and I was offering 
a possibility.

James





On 8 March 2015 at 9:07:41 am, Nick FitzGerald (n...@virus-l.demon.co.uk) wrote:

James Hodgkinson wrote:  

 Maybe the major change is that they're including the Ask toolbar in  
 all releases now, not just the Windows one? :)  

Indeed!  

 The unwelcome Ask extension shows up as part of the installer if a Mac  
 user downloads Java 8 Update 40 for the Mac. In my tests on a Mac  
 running that latest release of OS X, the installer added an app to the  
 current browser, Chrome version 41...  

So you did not notice the explanation that this would happen, right  
there on the continue the install permission dialog?  

The one we can see a screenshot of at, say:  

https://grahamcluley.com/2015/03/oracle-java-mac/  

Your description rather strongly implies that you have no choice in  
getting the Ask toolbar, which is untrue.  

I understand that Mac users will likely not be _accustomed_ to such  
permissions for _additional_ software, over and above the actual  
software that they thought they were installing, being requested, BUT  
unlike your description above and Ed Bott's at ZDNet (referenced in  
another post in this thread), the user is actually given the choice to  
not install the extra offer.  

Of course, questions as to the desirability of the option being  
pre-selected, and the possibly less than fully transparent directions  
about the necessity of the offer are much the same with the Mac version  
and the Windows version, whose permission dialog you can see here:  

http://i.imgur.com/82Tp2pp.png?1  




Regards,  

Nick FitzGerald  




Re: [FD] Java 8u40 released: why?

2015-03-07 Thread James Hodgkinson
Maybe the major change is that they’re including the Ask toolbar in all 
releases now, not just the Windows one? :)

The unwelcome Ask extension shows up as part of the installer if a Mac user 
downloads Java 8 Update 40 for the Mac. In my tests on a Mac running that 
latest release of OS X, the installer added an app to the current browser, 
Chrome version 41 …

James





On 7 March 2015 at 7:39:32 am, Guy Dawson (g.daw...@crossflight.com) wrote:

My reading of the first WWW page is that only Java SE 7 u75/76 contains  
security fixes and that there are no security fixes in Java SE 8 u40.  

On 4 March 2015 at 01:23, paul.sz...@sydney.edu.au wrote:  

 I notice that Java (JDK, JRE) update 8u40 has been released.  
 Though  
 http://www.oracle.com/technetwork/java/javase/downloads/index.html  
 says this release includes important security fixes, the release notes  
 http://www.oracle.com/technetwork/java/javase/8u40-relnotes-2389089.html  
 says the security baseline is 1.8.0_31 (unchanged).  
 I do not notice any major useability issues fixed.  
 So: why this out-of-band release?  
  
 Thanks, Paul  
  
 Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/  
 School of Mathematics and Statistics University of Sydney Australia  
  
  



--  

*Guy Dawson*  
IT Operations Manager  

Crossflight Limited, Calder Way, Colnbrook, SL3 0BQ  
*T* +44 (0) 1753 776104 | *W* crossflight.com  
