[Seems my posting yesterday wasn't far from the mark] (CERT Carnegie Mellon, 28 April) CERT/CC issued Incident Note IN-2000-04 regarding denial of service (DoS) attacks using nameservers. According to the report, CERT/CC has received an increasing number of reports of intruders using nameservers to execute packet flooding DoS attacks. The most common method CERT/CC has seen involves an intruder sending a large number of UDP-based DNS requests to a nameserver using a spoofed source IP address. Any nameserver response is sent back to the spoofed IP address as the destination. In this scenario, the spoofed IP address represents the victim of the denial of service attack. The nameserver is an intermediate party in the attack. The true source of the attack is difficult for an intermediate or a victim site to determine due to the use of spoofed source addresses. CERT/CC has seen intruders utilize multiple nameservers on diverse networks in this type of an attack to achieve a distributed DoS attack against victim sites. Additional details, including impact and possible solution, can be found at <http://www.cert.org/incident_notes/IN-2000-04.html >. IMPORTANT NOTICE: If you are not using HushMail, this message could have been read easily by the many people who have access to your open personal email messages. Get your FREE, totally secure email address at http://www.hushmail.com.
