On Sun, 2005-10-30 at 16:25 +0100, Florian Weimer wrote:
Manipulating the DNS of a popular service can lead to clients sending
requests to a different address, which can also constitute a massive
distributed attack (see Blaster.E, for example). In a sense, this
attack belongs to a class which doesn't seem to be covered by the
document: reflection through client-side redirection. For example,
the attacker rents ad space on a high-volume site (or compromises the
load balancer in front of the ad-server farm), and places a couple of
hyperlinks there to the attacker's site.
The renting ad space and linking to victim's site example would not be
manipulating DNS in any way so would not be relevant to the mentioned
document.
However attacks involving redirection through compromising a load
balancer do relate to DNS and therefore probably should be covered.
--
Jasper Bryant-Greene
General Manager
Album Limited
e: jasper(_at_)album(_dot_)co(_dot_)nz
w: http://www.album.co.nz/
b: http://jbg.name/
p: 0800 4 ALBUM (0800 425 286) or +64 21 232 3303
a: PO Box 579, Christchurch 8015, New Zealand
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf