Slashdot Mirror


W2K and MAC OS9 Flood Root Nameservers?

wizzy writes "Ireland's top-level domain registry has a notice on Microsoft and Apple DHCP clients sending dynamic DNS updates per RFC2136. The problem is they are not sufficiently careful about where they send it if they are in RFC1918 space - usually used for behind-firewall addressing, which is where they usually are. This is resulting in bogus updates being sent at the rate of nearly one million an hour to root nameservers, only to be rejected - as reported on the NANOG mailing list."
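
A check a site operator could run over their own resolver or egress logs to spot the leak described in the summary above (an added example, not part of the original story or of any vendor's code). The log format, sample lines and function names are constructed, and it assumes the updates in question target the in-addr.arpa reverse zones for RFC 1918 ranges.

```python
import ipaddress

# Private address blocks defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def reverse_name_to_network(name):
    """Map an in-addr.arpa name (1 to 4 octet labels) to the IPv4 network it covers."""
    labels = name.lower().rstrip(".").split(".")
    if labels[-2:] != ["in-addr", "arpa"]:
        return None
    octets = labels[:-2][::-1]          # reverse names list octets back to front
    if not 1 <= len(octets) <= 4:
        return None
    if not all(o.isascii() and o.isdigit() and int(o) <= 255 for o in octets):
        return None
    padded = [str(int(o)) for o in octets] + ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(padded) + "/" + str(8 * len(octets)))

def is_rfc1918_reverse(name):
    """True when the reverse name lies entirely inside an RFC 1918 block."""
    net = reverse_name_to_network(name)
    return net is not None and any(net.subnet_of(p) for p in RFC1918)

def find_leaked_updates(log_lines):
    """Return (client, name) for each UPDATE that targets an RFC 1918 reverse zone."""
    leaks = []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 4:
            continue                    # skip blank or malformed lines
        _ts, client, opcode, name = fields
        if opcode == "UPDATE" and is_rfc1918_reverse(name):
            leaks.append((client, name))
    return leaks

# Constructed sample log (hypothetical format: time, client, opcode, name).
SAMPLE_LOG = """\
2002-04-01T09:00:01 192.168.1.20 UPDATE 20.1.168.192.in-addr.arpa.
2002-04-01T09:00:02 192.168.1.21 QUERY 21.1.168.192.in-addr.arpa.
2002-04-01T09:00:03 10.4.0.7 UPDATE 7.0.4.10.in-addr.arpa.
2002-04-01T09:00:04 172.20.3.9 UPDATE 9.3.20.172.in-addr.arpa.
2002-04-01T09:00:05 198.51.100.8 UPDATE 8.100.51.198.in-addr.arpa.
2002-04-01T09:00:06 172.32.0.5 UPDATE 5.0.32.172.in-addr.arpa.
"""

if __name__ == "__main__":
    for client, name in find_leaked_updates(SAMPLE_LOG.splitlines()):
        print(f"leaking update from {client} for {name}")
```

Updates flagged this way should be answered by a local server that is authoritative for the private reverse zones, or dropped at the site boundary, so they never reach the root servers.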

13 of 238 comments

  1. Upgrade time! by JHromadka · · Score: 3, Funny

    With Photoshop 7 out and this, now Mac OS9 users have an even better reason to upgrade to OS X - "to save the Internet." :)

    --
    "The objective of securing the safety of Americans from crime and terror has been achieved." -- John Ashcroft
  2. Well, of course Microsoft did... by heyetv · · Score: 1, Funny


    Their name servers are under the "IE" domain...

  3. Too many links! by FattMattP · · Score: 2, Funny

    Christ! Which link is the real story?

    --
    Prevent email address forgery. Publish SPF records for y
  4. Initially diagnosed as the "slashdot effect" by ChanxOT5 · · Score: 2, Funny

    The root nameservers initially thought that they'd been linked to by /. daily, but then realized that nobody cared about them :)

  5. Microsoft's answer by caluml · · Score: 3, Funny

    A Microsoft spokesman said, "Thing is, is that those root nameservers would all be fine if they were running Win2K DNS services." :)

  6. Re:this is a bit complex for me.. by blixel · · Score: 4, Funny

    why is this the first time that anyone's noticed this?

    You think that just because you read this article on Slashdot today that it was "just noticed" as of yesterday or something?

  7. MS-DOS by sarcast · · Score: 5, Funny

    Hasn't MS had this around for a while now?

    They even called it MS-DOS...oh wait, that was Disk Operating System...never mind.

  8. Re:Popular domains by Jester998 · · Score: 2, Funny

    They don't even have to be popular domains.

    Back In The Day(tm) when I was first setting up my home network, I didn't know jack shit about DNS. I knew it resolved names to IP addresses, but I didn't _really_ understand how it all worked. So I figured... I'm on a network, and it's local, so my domain is gonna be 'local.net'. Worked great. Then one day I got a flash of inspiration... 'whois local.net'. A *real* domain record came back with that domain name. Whoops. I very quickly changed everything over to 'local.lan' instead, before I caused any headaches. ;)

    - Jester

  9. Solution by standards · · Score: 2, Funny

    Here's the solution:

    1. Upgrade to Mac OS X. It's so cool.
    2. People use W2k on the internet? Is that safe???

  10. New Ad Campaign by Shriek · · Score: 2, Funny

    Who do you want to flood today?

  11. Re:Great. Yet Another Bandaid by lunky · · Score: 2, Funny

    What exactly is your complaint about firewalls?

    Do you think that firewalls are a bad thing? ....because they are hard to configure?

    >The only purpose of firewalls seems to be to accommodate people who can't be bothered switching to DHCP.

    Is this a joke?

    --
    lunky> c++; lunky> do{;}
  12. Frequency by rant-mode-on · · Score: 4, Funny

    How often does Win2K register these IP addresses? Is it once an hour or so, or are there really a million Win2K boxes being rebooted every hour?

  13. in-addr.arpa bogus queries - a Funny Story by drwho · · Score: 2, Funny

    I am an administrator for some IP space assigned but not ever routed. Several years ago, I was wondering where the hell all my bandwidth was going and found a lot of it was for DNS traffic trying to resolve IPs in that space. This was very odd, considering that it wasn't routed. These were at the rate of about 10 per second per IP address, and there were about 80 addresses two servers were querying for, for a total of 1600 requests per second. Now, there was no DNS server running on the host that these requests were going to, so they were sent port unreachable messages.

    Evidently what was going on was this large corporation was using MY IP space internally, but they weren't making their DNS servers authoritative for it, so the DNS servers went to the Internet (and to me) for resolution. Something somewhere was configured wrong and so they retried constantly.

    I firewalled these DNS servers out, but not before I composed email to the whois contact at the big corporation telling them to fix this stuff. They ignored me (yes I made sure their SMTP sending host was not blocked). Firewalling didn't fix the problem, only kept my server from sending port unreachable messages. The queries from the big stupid corporation's network were only getting worse. I was getting really pissed off.

    So I put a DNS server up on that host, and made entries for every single IP (I was using BIND, which is too stupid to have default responses). And I had fun, with obscene and abusive DNS names for every host, and forward resolution to match (in a silly domain also routed to the same DNS server) -- and the highest possible TTL! Problem solved!

    The funny thing is that this staid corporation was now seeing all sorts of nasty names on their internal servers...BAH HA HA.

    The abuse stopped. Hopefully, someone was fired. Now we know that they will never attack me again in this way: you see, that abusive network belonged to Enron :)

    I actually let them off the hook easily. I had, at this point, control over data being returned to servers well firewalled away. Servers that probably had ancient resolvers that had buffer overflows in their DNS resolvers. High level servers that could have been r00ted straight through the firewall.

    Moral of the story: don't leave DNS work to weenies. You may be surprised at the results.