[nsp-sec] Solution against attack shifting by redirecting domain name?
Yonglin ZHOU
yonglin.zhou at gmail.com
Mon Jan 4 20:35:01 EST 2010
Dear colleagues,
Hope all of you enjoy the holiday well. Beijing was struck by the
heaviest snow since 1951. The temperature is about -16 C in the
morning. Such a real winter :-).
Recently, we got several DDoS attack reports. We found that the
targets are not the ones the hacker meant to attack. Actually, the attacks
were shifted to some innocent site. For example: the attack is aimed at
www.aaa.com. The owner of www.aaa.com cannot handle it. For some
purpose, the aaa.com owner changes the domain to the IP of goooogle.com.
Then the DDoS traffic goes to goooogle.com.
We have suggested that 'goooogle.com' apply a security policy on their
web server to block such abnormal packets on tcp/80. But, you know,
sometimes the DDoS uses not only tcp/80.
Do you have any experience with such incidents?
Many thanks.
Yonglin.
CNCERT.
--
----------------- Enjoy the life --------------------
Yonglin ZHOU
Fix line: + 86 10 8299 0355 Fax: +86 10 8299 0399
Email: zyl at cert.org.cn, yonglin.zhou at gmail.com