[nsp-sec] NetSol / WorldNIC nameservers continue to be down
Bill Woodcock
woody at pch.net
Sun Jan 25 07:22:26 EST 2009
On Sun, 25 Jan 2009, Joe Abley wrote:
> On 23 Jan 2009, at 16:32, Bill Woodcock wrote:
> > NetSol servers are receiving valid UDP/53 queries
> All servers, or some servers? J-root servers, A-root servers, GTLD severs,
> or some or all of the above?
NetSol, not Verisign, so none of the above. These are servers which serve
end-user domains which are registered with Network Solutions, the
registrar, and not otherwise hosted on the users' own nameservers.
> Reflection attack, or a straight client
> attack? Details would aid investigation.
Straight client attack, however the source addresses were very widely
distributed, and the attack died down during the night after everybody
started posting about it, which was about the time they'd gotten code
written to try to distinguish attack packets from normal packets, so we
weren't able to determine whether it was a replay of normal source-address
distribution, or whether it was random forged sources, or valid sources.
Sorry about that.
-Bill
More information about the nsp-security
mailing list