RE: Stopping name server abuse

Wed, 27 Jun 2018 14:42:55 -0700 

IANAL, but even if one considers this scenario to constitute a DDoS attack, and 
there is plenty of case law supporting prosecution under CFAA (Computer Fraud 
and Abuse Act) for DDoS attacks, CFAA generally requires *intent*, and this 
appears to be simple negligence.

"Trespass to chattel" might be another possibility, but only as a civil (not 
criminal) complaint. And one would have to prove damages, which might be 
difficult to assess, or simply _de_minimis_.

                                                                                
                        - Kevin

-----Original Message-----
From: bind-users <bind-users-boun...@lists.isc.org> On Behalf Of Barry Margolin
Sent: Tuesday, June 26, 2018 10:42 AM
To: comp-protocols-dns-b...@isc.org
Subject: Re: Stopping name server abuse

In article <mailman.87.1529956879.803.bind-us...@lists.isc.org>,
 Paul Kosinski <b...@iment.com> wrote:

> Somebody who has irresponsibly (and apparently wantonly, given his 
> refusal to fix it) delegated his domain(s) to your DNS server is 
> essentially causing a (modest bandwidth) distributed denial of service 
> attack on your server. I don't think that the "responsible" thing to 
> do is to sit there and suffer from a significantly increased load.

Good luck getting him prosecuted under any kind of computer abuse law. 
That would be like calling the cops on a sibling who is poking you, claiming 
that it's assault.

> What should be done is to get the domain(s) revoked if the owner 
> continues to refuse to remedy the problem: it is *he*, not you, who is 
> being irresponsible. And if the queries are coming via an innocent 
> ISP's resolver, then they are inadvertently assisting in the attack, 
> and should be contacted and asked to help in the remediation. (Note 
> that *their* resources, as well as yours, are being wasted.)

I doubt any ISPs will do anything about it. It's probably negligible relative 
to their total DNS volume, and would be more trouble than it's worth to add 
filters to block it.

The domain registrar is the place to go, I expect most of them have standard 
procedures for exactly this problem.

--
Barry Margolin
Arlington, MA
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to