spf-discuss

RE: Re: DNS load research

2005-03-23 13:32:07
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of Radu Hociung
Sent: Wednesday, March 23, 2005 3:21 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] Re: DNS load research


Scott Kitterman wrote:
:) Oh, it will survive and get stronger. But in the meanwhile I think it
will experience 'the plague'. I don't wish to imply that SPF is a
plague, far from it, it's very useful, but it does have some serious
problems that most people are happy to overlook, in the hopes that when
we have to deal with them. Hope is not a method! ;)


Or perhaps not overlook, but came to a different conclusion than you.  DNS
load, DDoS, and security have been regular topics of discussion for the year
I've been on this list.  I think it's something we need to watch, but not
the potential disaster that you foresee.

I'm sure the problem is my twisted sense of logic ;)


Why don't you, Scott, explain to us the worst possible scenario that
_you_ can imagine for a virus that wants to do the most damage to the
Internet by using SPF.

I said "damage to the Internet" on purpose, because the DNS is the
mission-critical Internet protocol without which the 'Net' would just be
a bunch of computers tied together with a wire. But perhaps I'm wrong
about this too.

Thanks.

Is DNS potentially subject to DDoS?  Yes.

If someone wanted to write a virus that queried DNS for a large number of
queries and they wanted to make it look like it was SPF that was doing it,
they could.  No mail need be involved, just lots of queries from various
compromised machines.

Simple enough...

Get a spammer list of e-mail addresses and then have your virus start
querying DNS for TXT, MX, A, and PTR records from the domains on the list.
Come up with the virus writer's trick of the day to get it to spread and
things could get ugly.

That's really all it would take if deployed on enough machines.

Now, except for TXT being on the list, what does this have to do with SPF?
Not much.

Your turn:

What's the difference between this non-SPF attack and your SPF attack?

DNS has vulnerabilities.  SPF didn't create them.  SPF doesn't particularly
amplify them.

If you want to work on making DNS more resistant to DDoS, I think that's an
excellent subject that could use work (NOTE: this is not sarcasm), but it's
really not an SPF issue per se.  I think it might be more fruitful to work
in more DNS oriented forums to that end.

Scott Kitterman

