Viral DNS Attack, DDoS Idea
Major Variola (ret.)
mv at cdc.gov
Fri Aug 15 13:19:28 PDT 2003
Suppose malware appends a bogus entry to an infected machine's
/etc/hosts (or more likely, MSwindows' \windows\blahblah\hosts file).
(This constitutes a DNS attack on the appended domain name, exploiting
the local hosts' name-resolution prioritization.)
If the appended IP address points to the same victim (66.66.66.66) on
all the virus-infected machines, and the appended (redirected) domain
name is popular ("google.com" for instance) then you get a DDoS attack
on the appended IP host 66.66.66.66 that grows as the viral infection
spreads in the population. You also get a DDoS on the popular domain
name ("google.com") you've redirected.
If the victim IP address were a router just upstream of the victim
domain name, it's extra fun for the victim domain -- not only are they
unavailable on infected machines, but clients pound their upstream when
they try to connect.
Thoughts? Has this ever been suggested or implemented?
---
In "The Wild One" bikers mount a DoS attack on a router: her name is
Dorothy and she works at a plugboard. ca 1954
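
Added example, not part of the original post: a defender-side audit that parses hosts files, flags watched public names pinned to a routable address, and counts how many machines share the same target, which is the convergence the post describes. The watched-name list, function names and sample hosts content are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumption: public names that should never be overridden locally.
WATCHED = {"google.com", "www.google.com"}

# Constructed sample hosts file (not taken from a real machine).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
::1         localhost ip6-localhost
10.0.0.5    intranet.example   # legitimate local override
66.66.66.66 google.com www.google.com
0.0.0.0     ads.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, names) for each valid entry, skipping comments."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: not a usable entry
        yield no, ip, [n.lower().rstrip(".") for n in fields[1:]]

def suspicious_entries(text, watched=WATCHED):
    """Watched names mapped to an address that is not loopback or 0.0.0.0."""
    found = []
    for no, ip, names in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue  # local sinkhole entries, not a redirect to a third party
        found += [(no, n, str(ip)) for n in names if n in watched]
    return found

def shared_targets(hosts_by_machine, min_machines=2):
    """Redirect targets seen on several machines, with the machine count."""
    seen = Counter()
    for text in hosts_by_machine.values():
        seen.update({ip for _, _, ip in suspicious_entries(text)})
    return {ip: n for ip, n in seen.items() if n >= min_machines}

if __name__ == "__main__":
    for finding in suspicious_entries(SAMPLE_HOSTS):
        print(finding)
```
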