Linked by Thom Holwerda on Wed 7th Feb 2007 19:31 UTC, submitted by twenex
Internet & Networking Hackers Crackers have attempted to topple key parts of the internet's backbone, in one of the most significant attacks of recent years. The target was servers that help to direct global internet traffic. In the early hours of Tuesday three key servers were hit by a barrage of data in what is known as a distributed denial-of-service attack. There is no evidence so far of damage, which experts are saying is testament to the robust nature of the internet.
Thread beginning with comment 210251
To read all comments associated with this story, please click here.
DNS exploit
by linuxh8r on Wed 7th Feb 2007 20:57 UTC
linuxh8r
Member since:
2006-01-09

Last time I checked more of the Internet's big DNS (and BIND) servers were running some variant of Unix.

I think it's time we question whether Unix is an appropriate platform for the Internet. This is not the first time this has happened, and if we keep using in-secure OSes for critical data then we get what we deserve.

Reply Score: -5

RE: DNS exploit
by raxtor on Wed 7th Feb 2007 21:12 in reply to "DNS exploit"
raxtor Member since:
2006-03-20

if we keep using in-secure OSes for critical data then we get what we deserve

Certainly. And you propose to use.. what?

Reply Parent Score: 1

RE[2]: DNS exploit
by eantoranz on Wed 7th Feb 2007 21:23 in reply to "RE: DNS exploit"
eantoranz Member since:
2005-12-18

Certainly. And you propose to use.. what?

<sarcasm>Vista!!!</sarcasm>

So... let's see. The DNS insfrastructure didn't even BLINK because of this DDoS but so unix should be gotten rid of cause it's not robust enough??? Huh??? Oh, man... I'd like to know what would have happend had it been any of the MS server variants. Had it been on, we would be surfing a cheap porn site when you asked for www.google.com!!! :-S :-D

Reply Parent Score: 5

RE: DNS exploit
by twenex on Wed 7th Feb 2007 21:22 in reply to "DNS exploit"
twenex Member since:
2006-04-21

I think it's time we question whether Unix is an appropriate platform for the Internet. This is not the first time this has happened, and if we keep using in-secure OSes for critical data then we get what we deserve.

You obviously didn't read the article. Yes, Unix runs most of the Internet. The article clearly points out that this sustained attack was a dismal failure. Yes, highly trained and competent people were involved in keeping it that way, but whatever the platform, you wouldn't want highly UNtrained and INcompetent people running the 'Net, would you?

As another poster said, I'd welcome your thoughts on any alternative that would be an improvement.

Reply Parent Score: 5

RE[2]: DNS exploit
by PLan on Wed 7th Feb 2007 21:24 in reply to "DNS exploit"
PLan Member since:
2006-01-10

...I think it's time we question whether Unix is an appropriate platform for the Internet. ...

If this can be construed as an OS problem, then it probably relates to unpatched Windows machines that were being used as zombies.

Reply Parent Score: 5

v RE[3]: DNS exploit
by linuxh8r on Wed 7th Feb 2007 21:54 in reply to "RE[2]: DNS exploit"
RE: DNS exploit
by openwookie on Wed 7th Feb 2007 21:49 in reply to "DNS exploit"
openwookie Member since:
2006-04-25

Last time I checked more of the Internet's big DNS (and BIND) servers were running some variant of Unix.


Um ... BIND is a DNS server.


I think it's time we question whether Unix is an appropriate platform for the Internet. This is not the first time this has happened, and if we keep using in-secure OSes for critical data then we get what we deserve.


Did you read the article? It had nothing to do with the OS that was running. It was a DOS attack. It doesn't matter what your OS is, if your pipe is full of illegitimate requests, then you're going to have a hard time servicing legitimate requests.

Reply Parent Score: 4

RE[2]: DNS exploit
by butters on Thu 8th Feb 2007 05:55 in reply to "RE: DNS exploit"
butters Member since:
2005-07-08

Um ... BIND is a DNS server.

And it's an outstanding piece of code, too. One of my previous jobs involved using some static analysis software to analyze lots of system code. It's very picky and produces 50% false positives on a good day.

I was asked to run this tool on some open source code of my choice for comparison, and I happened to choose BIND. This resulted in zero "complaints" from the analysis tool, which I'd never seen happen for anything larger than a few thousand lines of code.

Taking a look, I found that the code is immaculate, highly structured, and defensive to the extreme. Every little function has a block of assertions at the top that list all of the preconditions and a block at the bottom to check the postconditions. It manages its own slab of memory using ultra-robust routines (because malloc just isn't hardened enough).

I came away with the sense that this is exactly the kind of code I would want running something so important as the Internet. Then I had to get back to work, so I scanned the FreeBSD kernel instead, and found a more usual distribution of bugs and weaknesses.

Reply Parent Score: 4