ICANNWatch
 
  Inside ICANNWatch  
Submit Story
Home
Lost Password
Preferences
Site Messages
Top 10 Lists
Latest Comments
Search by topic

Our Mission
ICANN for Beginners
About Us
How To Use This Site
ICANNWatch FAQ
Slash Tech Info
Link to Us
Write to Us

  Useful ICANN sites  
  • ICANN itself
  • Bret Fausett's ICANN Blog
  • Internet Governance Project
  • UN Working Group on Internet Governance
  • Karl Auerbach web site
  • Müller-Maguhn home
  • UDRPinfo.com;
  • UDRPlaw.net;
  • CircleID;
  • LatinoamerICANN Project
  • ICB Tollfree News

  •   At Large Membership and Civil Society Participation in ICANN  
  • icannatlarge.com;
  • Noncommercial Users Constituency of ICANN
  • NAIS Project
  • ICANN At Large Study Committee Final Report
  • ICANN (non)Members page
  • ICANN Membership Election site

  • ICANN-Related Reading
    Browse ICANNWatch by Subject

    Ted Byfied
    - ICANN: Defending Our Precious Bodily Fluids
    - Ushering in Banality
    - ICANN! No U CANN't!
    - roving_reporter
    - DNS: A Short History and a Short Future

    David Farber
    - Overcoming ICANN (PFIR statement)

    A. Michael Froomkin
    - When We Say US™, We Mean It!
    - ICANN 2.0: Meet The New Boss
    - Habermas@ discourse.net: Toward a Critical Theory of Cyberspace
    - ICANN and Anti-Trust (with Mark Lemley)
    - Wrong Turn in Cyberspace: Using ICANN to Route Around the APA & the Constitution (html)
    - Form and Substance in Cyberspace
    - ICANN's "Uniform Dispute Resolution Policy"-- Causes and (Partial) Cures

    Milton Mueller
    - Ruling the Root
    - Success by Default: A New Profile of Domain Name Trademark Disputes under ICANN's UDRP
    - Dancing the Quango: ICANN as International Regulatory Regime
    - Goverments and Country Names: ICANN's Transformation into an Intergovernmental Regime
    - Competing DNS Roots: Creative Destruction or Just Plain Destruction?
    - Rough Justice: A Statistical Assessment of the UDRP
    - ICANN and Internet Governance

    David Post
    - Governing Cyberspace, or Where is James Madison When We Need Him?
    - The 'Unsettled Paradox': The Internet, the State, and the Consent of the Governed

    Jonathan Weinberg
    - Sitefinder and Internet Governance
    - ICANN, Internet Stability, and New Top Level Domains
    - Geeks and Greeks
    - ICANN and the Problem of Legitimacy

    Highlights of the ICANNWatch Archive
    (June 1999 - March 2001)


     
    This discussion has been archived. No new comments can be posted.
    Site Finder: Here We Go Again? | Log in/Create an Account | Top | 11 comments | Search Discussion
    Click this button to post a comment to this story
    The options below will change how the comments display
    Threshold:
    Check box to change your default comment view
    The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
    What, no sitefinder.verisign.com for DDoS attacks?
    by fnord (groy2kNO@SPAMyahoo.com) on Tuesday February 10 2004, @11:56PM (#12967)
    User #2810 Info
    Perhaps VeriSign intends to host sitefinder elsewhere, rename it, or whatever, so that those planning DDoS (distributed denial of service) attacks at least don't get prior warning of where it is going to reside, they'll have to code that in at the last minute.

    If you want to crash the net, VeriSign's sitefinder is probably the best single point of failure available. Do a DDoS attack (as is now [netcraft.com] happening to microsoft.com thanks to DoomJuice, MyDoom's devil offspring, or do you think VeriSign is much more robust and resilient than MicroSoft?) on a non-existent domain, or even include a randomizer that hits numerous almost certainly non-existent domains, eg: 2398s7fjer97vkjx87wqr.com, repeatedly and rapidly, and now multiply that by tens of thousands of zombies, watch the caches fill up, and see the BIND servers fall right over.

    Not that those prone to launching DDoS attacks have anything against sitefinder, they get a kick out of inconveniencing sysadmins and other propheads, so they probably also get a kick out of sitefinder, heck, they're probably envious. But DDoSing the net might just prove too tempting to some script kiddee.

    An additional benefit of doing it this way is, what happens if you get caught? Can you even be charged for a DDoS attack on a non-existent address? One can hear the defense lawyer now:

    Ladies and Gentlemen of the Jury, my client [who is under the age of majority, so probably the worst he's looking at even if found guilty is probation due to the jurisdiction in which he resides, and while he could be sued for the $billions in damages, his parents have cut off his allowance, even his lawyer is acting pro bono, with the exception of a hefty cut of the movie/book/T-shirt rights] didn't commit a crime like breaking into someone's home, despite what the Prosecution would have you believe. He is being accused of kicking in the door at this address and we could all drive out there right now and all that you would see is that there is, and always has been, no-one residing at that address, it is, in point of fact, an empty lot.
    While they don't seem to care much for sitefinder going by their infrequent musings on the subject, one wonders if ICANN's somnolent Security and Stability Committee has even considered this aspect, which alone should be reason enough to have long since seen sitefinder classed as a Very Bad Thing. -g
    [ Reply to This | Parent ]
  • 1 reply beneath your current threshold.

  • Search ICANNWatch.org:


    Privacy Policy: We will not knowingly give out your personal data -- other than identifying your postings in the way you direct by setting your configuration options -- without a court order. All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest © 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 by ICANNWatch.Org. This web site was made with Slashcode, a web portal system written in perl. Slashcode is Free Software released under the GNU/GPL license.
    You can syndicate our headlines in .rdf, .rss, or .xml. Domain registration services donated by DomainRegistry.com