[nsp-sec] Abnormal increase of DNS query around 13:00 ~ 15:00 (GMT +00:00) May 19th ?
Sean Donelan
sean at donelan.com
Fri May 22 08:03:28 EDT 2009
On Fri, 22 May 2009, Yonglin ZHOU wrote:
> This incident reminds us to pay attention to the vulnerability of
> online working software. They may not have a flaw in the code but they
> may have inappropriate networking mechanism.
It sounds similar to what happened when microsoft.com was expired a
number of years ago, and the constant repeated queries against higher name
servers looked like a DOS attack. I thought most DNS code was improved
with negative caching to reduce the problem. Was the "fixed" code not
widely implemented in China or did the fix not work?
More information about the nsp-security
mailing list