Sitefinder and DDoS

Let's assume for a moment that Verisign's wildcards and Sitefinder go
back into operation.

Let's also assume someone sets up a popular webpage with malware HTML
causing it, perhaps with a time delay, to issue rapid GETs to
deliberately nonexistent domains.

What would be the effect on overall Internet traffic patterns if
there were one Sitefinder site? (flashback to ARPANET node
announcing it had zero cost to any route)

How many Sitefinder nodes would we need to avoid massive single-point
congestion?

  you may wish to review/examine the AS112 project
  materials. I used to run the single instance of
  the authoritative DNS service for RFC 1918 space.
  We were periodically hammered and discovered an
  interesting "local" optimization from one vendor
  who did not respect the "negative-caching" timers.
  
  The upshot was that the normal "blow-the-bolts"
  tactic that usually compartmentalizes failures
  actually aggravated the problem. :-)

  The single instance was migrated to the anycast
  model under the AS112 folks.
  

I am NOT suggesting this simply as an argument against Sitefinder,
and I'd like to see engineering analysis of how this vulnerability
could be prevented.

--bill

> Let's also assume someone sets up a popular webpage with malware
> HTML causing it, perhaps with a time delay, to issue rapid GETs to
> deliberately nonexistent domains.

You don't even have to imagine that.

Imagine a long-term port 80 Denial of Service (DoS) attack against a
given website (using the website url rather than IP, which is not
uncommon).

Imagine the attacked domain administrator removes their DNS records
from the registry to alleviate the attack.

The attack is now directed at the Verisign Sitefinder service.

    Adam

OUCH. Yet worse.

Howard C. Berkowitz wrote:

> > The attack is now directed at the Verisign Sitefinder service.
> >
> >     Adam
>
> OUCH. Yet worse.

This would be the son-of-windowsupdate.com, right?

Pete