Linked by Thom Holwerda on Wed 7th Feb 2007 19:31 UTC, submitted by twenex
Crackers have attempted to topple key parts of the internet's backbone, in one of the most significant attacks of recent years. The target was servers that help to direct global internet traffic. In the early hours of Tuesday three key servers were hit by a barrage of data in what is known as a distributed denial-of-service attack. There is no evidence so far of damage, which experts are saying is testament to the robust nature of the internet.
RE[2]: DNS exploit
by butters on Thu 8th Feb 2007 05:55 UTC in reply to "RE: DNS exploit"
butters Member since:
2005-07-08

Um ... BIND is a DNS server.

And it's an outstanding piece of code, too. One of my previous jobs involved using some static analysis software to analyze lots of system code. It's very picky and produces 50% false positives on a good day.

I was asked to run this tool on some open source code of my choice for comparison, and I happened to choose BIND. This resulted in zero "complaints" from the analysis tool, which I'd never seen happen for anything larger than a few thousand lines of code.

Taking a look, I found that the code is immaculate, highly structured, and defensive to the extreme. Every little function has a block of assertions at the top that list all of the preconditions and a block at the bottom to check the postconditions. It manages its own slab of memory using ultra-robust routines (because malloc just isn't hardened enough).

I came away with the sense that this is exactly the kind of code I would want running something so important as the Internet. Then I had to get back to work, so I scanned the FreeBSD kernel instead, and found a more usual distribution of bugs and weaknesses.

Reply Parent Score: 4
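The contract style described in the comment above (precondition assertions at the top of a function, postcondition checks at the bottom), as an added example that is not part of the thread and is not BIND's code. The `REQUIRE`/`ENSURE` macros are locally defined stand-ins, and `name_totext`, the result codes and the sample bytes are hypothetical and constructed for illustration; caller mistakes abort, while malformed input from the wire is rejected with an error code.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for contract macros; not ISC's own definitions. */
#define CONTRACT(kind, cond) ((cond) ? (void)0 : \
    (fprintf(stderr, "%s:%d: %s(%s) failed\n", __FILE__, __LINE__, kind, #cond), abort()))
#define REQUIRE(cond) CONTRACT("REQUIRE", cond) /* caller broke a precondition */
#define ENSURE(cond)  CONTRACT("ENSURE", cond)  /* function broke its promise */

enum { R_OK = 0, R_BADLABEL = -1, R_TRUNCATED = -2, R_NOSPACE = -3 };

/* Constructed sample: www.example.com in uncompressed DNS wire format. */
static const unsigned char SAMPLE_WIRE[] = "\003www\007example\003com";

/* Convert length-prefixed labels (ended by a zero byte) to dotted text.
 * Untrusted bytes never trip an assertion; they produce an error code. */
int name_totext(const unsigned char *wire, size_t wirelen,
                char *out, size_t outlen, size_t *used)
{
    size_t in = 0, o = 0;
    int result = R_OK;

    REQUIRE(wire != NULL);
    REQUIRE(out != NULL && outlen > 0);
    REQUIRE(used != NULL);

    for (;;) {
        if (in >= wirelen) { result = R_TRUNCATED; break; }
        size_t len = wire[in++];
        if (len == 0) break;                        /* root label: end of name */
        if (len > 63) { result = R_BADLABEL; break; } /* also rejects pointers */
        if (len > wirelen - in) { result = R_TRUNCATED; break; }
        if (len + 1 >= outlen - o) { result = R_NOSPACE; break; }
        memcpy(out + o, wire + in, len);
        o += len; in += len;
        out[o++] = '.';
    }
    if (result != R_OK) o = 0;                      /* no partial name on error */
    out[o] = '\0';
    *used = (result == R_OK) ? in : 0;

    ENSURE(o < outlen && out[o] == '\0');
    ENSURE(*used <= wirelen);
    return result;
}
```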

RE[3]: DNS exploit
by arunta on Thu 8th Feb 2007 06:11 in reply to "RE[2]: DNS exploit"
arunta Member since:
2006-05-16

butters, if you don't mind please post the name of the tool...

Reply Parent Score: 1

RE[4]: DNS exploit
by butters on Thu 8th Feb 2007 18:52 in reply to "RE[3]: DNS exploit"
butters Member since:
2005-07-08

Sorry... I tried to convince them to open it up, claiming that the community would make a damn good frontend (which was sorely lacking), but no luck.

If you participate in an OSS project, please visit www.coverity.com -- They have the world's most advanced static analysis tool and provide licenses free of charge to any OSS project. It's significantly better than the tool I was using, but my attempts to push a licensing deal stalled because they wanted millions of dollars. Various happy OSS users include the Linux kernel, Apache, and FreeBSD, as well as Solaris, Oracle, and many other proprietary customers. It's based on a research project out of Stanford and has really grown into something special. They can do stuff with static analysis that many previously thought was impossible, such as detecting race conditions and deadlocks.

Reply Parent Score: 2