Spammers Upend DNS
Saint Aardvark writes "eWeek reports on the latest trick of spammers: getting around DNS-based lookups. By registering a domain *after* the spam goes out advertising it, they can get around blacklists. However, that causes all sorts of problems for ISPs and anti-spam services. Paul Judge, CTO at CipherTrust, says 'Even in large enterprises, it's becoming very common to see a large spam load cripple the DNS infrastructure.'"
When a DNS query goes to an ISP's DNS server, and the entry does not exist, does it go to the root servers?
Secondly, do invalid domain names get cached (I'm thinking not)?
The problem with DNS is that it is very slow, and does a lot of things that make lookups too slow and unreliable.
Looking up www.name.com should take no more than three DNS lookups with an empty cache (To root: "com" DNS server has IP 10.1.2.3; to 10.1.2.3: "name.com" has DNS server with IP 10.2.3.4; to 10.2.3.4: "www.name.com" has IP 10.3.4.5). However, because of DNS' poor design, it doesn't work that way; it can take dozens of DNS lookups from an empty cache to get "www.name.com".
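The two questions above (does a miss go to the root servers, and are non-existent names cached?) and the "three lookups" estimate can both be checked against a small model of what a recursive resolver actually does. The following is an added example, not code from the thread or from eWeek; the zone data, server names and addresses (RFC 5737 documentation ranges) are all constructed. It walks a query iteratively from the root hints down, counts every query that would go to the wire, follows a delegation whose name servers sit in a different TLD (so no glue can be supplied and the resolver has to resolve the server name first), and caches NXDOMAIN answers for the SOA minimum TTL of the zone that gave them, as RFC 2308 negative caching does.

```python
"""Toy iterative resolver over constructed, in-memory zones (added example)."""

# Zone origin -> {"soa_min": negative-cache TTL, "rr": {owner: {type: [rdata]}}}.
# Everything here is made up; addresses are RFC 5737 documentation ranges.
ZONES = {
    ".": {"soa_min": 86400, "rr": {
        ".": {"NS": ["a.root.net."]}, "a.root.net.": {"A": ["192.0.2.1"]},
        "com.": {"NS": ["ns.nic.com."]}, "ns.nic.com.": {"A": ["192.0.2.2"]},  # glue
        "net.": {"NS": ["ns.nic.net."]}, "ns.nic.net.": {"A": ["192.0.2.3"]},  # glue
    }},
    "com.": {"soa_min": 900, "rr": {
        "com.": {"NS": ["ns.nic.com."]}, "ns.nic.com.": {"A": ["192.0.2.2"]},
        # Delegation whose name server lives under another TLD: no glue possible.
        "name.com.": {"NS": ["ns1.dnshost.net."]},
    }},
    "net.": {"soa_min": 900, "rr": {
        "net.": {"NS": ["ns.nic.net."]}, "ns.nic.net.": {"A": ["192.0.2.3"]},
        "dnshost.net.": {"NS": ["ns1.dnshost.net."]},
        "ns1.dnshost.net.": {"A": ["198.51.100.10"]},  # in-bailiwick glue
    }},
    "name.com.": {"soa_min": 3600, "rr": {
        "name.com.": {"NS": ["ns1.dnshost.net."]},
        "www.name.com.": {"A": ["203.0.113.80"]},
    }},
    "dnshost.net.": {"soa_min": 3600, "rr": {
        "dnshost.net.": {"NS": ["ns1.dnshost.net."]},
        "ns1.dnshost.net.": {"A": ["198.51.100.10"]},
    }},
}
# Which zones each (constructed) server address is authoritative for.
SERVERS = {"192.0.2.1": ["."], "192.0.2.2": ["com."], "192.0.2.3": ["net."],
           "198.51.100.10": ["name.com.", "dnshost.net."]}


def suffixes(name):
    """'www.name.com.' -> ['www.name.com.', 'name.com.', 'com.', '.'] (longest first)."""
    if name == ".":
        return ["."]
    labels = name.rstrip(".").split(".")
    return [".".join(labels[i:]) + "." for i in range(len(labels))] + ["."]


def authoritative(ip, qname, qtype):
    """Answer as the server at ip would: ('answer', rdata), ('referral', ...) or ('nxdomain', ttl)."""
    zones = [z for z in SERVERS[ip] if z in suffixes(qname)]
    if not zones:
        return "refused", None
    zone = max(zones, key=len)
    rr = ZONES[zone]["rr"]
    # A name at or below a delegation point gets a referral, even if we hold glue for it.
    for cand in reversed(suffixes(qname)):          # apex-ward first
        if len(cand) > len(zone) and "NS" in rr.get(cand, {}):
            ns_names = rr[cand]["NS"]
            glue = {n: rr[n]["A"] for n in ns_names if "A" in rr.get(n, {})}
            return "referral", (cand, ns_names, glue)
    if qtype in rr.get(qname, {}):
        return "answer", rr[qname][qtype]
    return "nxdomain", ZONES[zone]["soa_min"]


class Resolver:
    def __init__(self):
        self.queries = []                         # every (server, qname, qtype) sent "to the wire"
        self.cache = {}                           # (name, type) -> rdata; positive TTLs omitted for brevity
        self.delegations = {".": ["192.0.2.1"]}   # zone -> server addresses, seeded with root hints
        self.negative = {}                        # name -> time until which NXDOMAIN is trusted

    def query(self, ip, qname, qtype):
        self.queries.append((ip, qname, qtype))
        return authoritative(ip, qname, qtype)

    def resolve(self, qname, qtype="A", now=0, depth=0):
        """Return rdata for qname/qtype, or None for a (possibly cached) NXDOMAIN."""
        if depth > 8:
            raise RuntimeError("delegation loop while resolving " + qname)
        if (qname, qtype) in self.cache:
            return self.cache[qname, qtype]
        if self.negative.get(qname, -1) > now:    # RFC 2308: a cached miss needs no query at all
            return None
        # Start at the closest enclosing zone whose servers we already know; only a
        # truly cold cache has to bother the root.
        zone = next(z for z in suffixes(qname) if z in self.delegations)
        servers = list(self.delegations[zone])
        while True:
            kind, payload = self.query(servers[0], qname, qtype)
            if kind == "answer":
                self.cache[qname, qtype] = payload
                return payload
            if kind == "nxdomain":
                self.negative[qname] = now + payload   # cache the miss for the SOA minimum
                return None
            if kind != "referral":
                raise RuntimeError("server refused " + qname)
            child, ns_names, glue = payload
            for name, addrs in glue.items():
                self.cache[name, "A"] = addrs
            servers = []
            for ns in ns_names:                    # no glue -> a whole extra resolution per NS name
                addrs = self.cache.get((ns, "A")) or self.resolve(ns, "A", now, depth + 1) or []
                servers.extend(addrs)
            if not servers:
                raise RuntimeError("no reachable servers for " + child)
            self.delegations[child] = servers
```

Running `Resolver().resolve("www.name.com.")` from a cold cache costs six queries, not three, purely because the delegation for name.com. points at a server in another TLD whose address must be fetched first; a second resolver pass for an unregistered spam domain costs one query to the com. server, and repeating it within the 900-second SOA minimum costs none. That is the mechanism the article's "spam load cripples the DNS infrastructure" complaint turns on: every name the spam run invents that falls outside the negative-cache window is a fresh trip to the TLD servers.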
Some anti-spam group should set up a spam filter that looks for domain names, and registers any that it sees that aren't valid. They would point to a web site that politely explains to users how stupid they are for clicking on a link in spam.
I expect spammers would drop that technique quite quickly if that were done.
Yup. If it shouldn't come in, and it can't be returned, drop it on the floor.
So oftentimes my (l)users ask me why they received an email saying their computer is infected with a virus (bogus bounces due to viruses changing their source addresses).
My servers drop anything that doesn't seem right: virus infections, RBL-tagged connections, obviously forged senders, etc. When a message gets delivered to the bit bucket, there is no more processing, no more network traffic, no more (l)user complaints.
And I never get a complaint.
What's that smell? Ah, that's my karma burning...
..."the wholesale abandonment of email as a viable communication platform?"
And the alternative with the same capabilities is...?
Ignorance is curable, stupid is forever.
Overall, I agree with this, but my concern is that if you parse the message and find invalid URLs, then a valid message will be dropped because of a malformed text string. While I suppose that's better than letting more spam through, I would be uneasy about the increase in false positives.
-nB
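The filter proposed earlier in the thread (look for domain names in mail and act on the ones that are not valid) and the false-positive worry just raised come down to one design decision: a string that merely looks like a host but is syntactically malformed is noise, while a well-formed host name that does not resolve is evidence. The code below is an added example written for this page, not anything from the thread or from eWeek. It pulls candidate hosts out of a message body (URLs and bare host names), validates them against the RFC 1123 label rules, and only treats well-formed, unregistered names as a reason to quarantine. The sample message, the `REGISTERED` set standing in for a live registration or DNS check, and the two-label `registrable()` approximation (which ignores public suffixes such as co.uk) are constructed simplifications.

```python
"""Extract and classify host names in a mail body (added example, constructed data)."""
import re
from urllib.parse import urlsplit

# RFC 1123 host label: 1-63 characters, letters/digits/hyphen, no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

# Deliberately loose candidate matcher: either an http(s) URL, or a bare dotted host
# ending in an alphabetic TLD-like label. Validation, not this regex, decides what counts.
CANDIDATE = re.compile(r"https?://[^\s<>\"']+|\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)

# Constructed sample message and a constructed stand-in for "is this domain registered?".
SAMPLE = (
    "Dear friend, visit http://cheap-pills.example-pharma.com/buy?id=7 today.\n"
    "Our partner www.name.com has details; ignore http://bad_host.com/ and\n"
    "the archive at http://news.example.org. Regards."
)
REGISTERED = {"name.com", "example.org"}


def extract_hosts(text):
    """Return the set of lower-cased host strings found in URLs or as bare names."""
    hosts = set()
    for match in CANDIDATE.finditer(text):
        token = match.group(0)
        if token.lower().startswith("http"):
            try:
                host = urlsplit(token).hostname   # drops scheme, port, path; lower-cases
            except ValueError:                    # e.g. an unterminated IPv6 literal
                host = None
        else:
            host = token.lower()
        if host:
            hosts.add(host.rstrip("."))           # treat a trailing dot as the same name
    return hosts


def is_valid_hostname(host):
    """Syntactic check only: RFC 1123 labels, at least two of them, alphabetic last label."""
    if not host or len(host) > 253:
        return False
    labels = host.split(".")
    return (len(labels) >= 2
            and all(LABEL.match(label) for label in labels)
            and labels[-1].isalpha())             # rejects IPv4 literals and numeric "TLDs"


def registrable(host):
    """Approximate the registrable domain as the last two labels (ignores public suffixes)."""
    return ".".join(host.split(".")[-2:])


def classify(text, registered):
    """Bucket every candidate host as malformed, unregistered, or ok."""
    result = {"malformed": [], "unregistered": [], "ok": []}
    for host in sorted(extract_hosts(text)):
        if not is_valid_hostname(host):
            result["malformed"].append(host)      # junk string: says nothing about the sender
        elif registrable(host) in registered:
            result["ok"].append(host)
        else:
            result["unregistered"].append(host)   # well-formed but unknown: the spam signature
    return result


def should_quarantine(result):
    """Policy: only well-formed, unregistered names count. Malformed strings alone never do."""
    return bool(result["unregistered"])


if __name__ == "__main__":
    verdict = classify(SAMPLE, REGISTERED)
    print(verdict, "quarantine" if should_quarantine(verdict) else "deliver")
```

On the constructed sample this flags `cheap-pills.example-pharma.com` as unregistered, files `bad_host.com` (underscore in a label) as malformed without letting it influence the verdict, and passes the two known names. In production the `REGISTERED` set would be replaced by a DNS or WHOIS lookup, which is exactly the load the article describes, so the syntactic pre-filter also serves to keep malformed junk from ever reaching the resolver.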
whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump