Maintained by: NLnet Labs

[Unbound-users] Random subdomain flood query

Kevin Chadwick
Thu Apr 2 14:52:05 CEST 2015


On Thu, 2 Apr 2015 02:34:48 +0900
Daisuke HIGASHI wrote:

> > The only other option is to persuade the users of  the compromised machines
> > to clean their systems.  
> 
> I agree.

Which isn't going to happen unless idiots all get chrome books assuming
the update situation their is better than android, which isn't going to
happen because Windows still has third party support others don't and
the Win7 kernel onwards actually has more security features than Linux
or Freebsd but not openbsd or grsec linux. Not to mention out of date
firmwares on phones that laughably are now being branded as a cool
feature by ubuntu mobile (one-time update marketing rubbish). Oh and
those security features that the Win7 kernel now has can't work with
JAVA.

What is the attackers motivation, amplification? If that's true? then
amplification is the real issue and SSL everywhere has a similar
perhaps more dangerous issue that can be fixed as it was with TCP
handshakes sending more than one ACK, the current implementations are
wrong and will now take time to phase out and the sooner that starts the
better.

****The client should have to do more work than he causes****.