By Dan Goodin in San Francisco
10th February 2009
A sustained cyber-attack against a handful of niche pornography sites
has demonstrated a novel way to inflict major damage on hardened targets
using a modest amount of data, a security researcher has warned.
The technique - which tricks the net's authoritative name servers into
bombarding innocent victims with more data than they can handle - is
growing increasingly common, and it's likely only a matter of time
before commercial attack kits add it to their arsenal, said Don Jackson,
a researcher with Atlanta-based security provider SecureWorks. He also
warned there is no easy fix because any remedy will potentially require
settings for millions of DNS, or domain-name system, servers to be
The ongoing attacks on several sites related to transvestite porn work
by sending hundreds of thousands of domain name servers a steady stream
of packets that contain little more than the character "." The queries,
which are forged so they appear to have been sent from sites such as
ladyboydolls.com and triplexbonanza.com, prompt the DNS servers to
respond to the targets with a list of the internet's root servers,
responses that contain about eight times more data than the initial
"The amplifiers in this attack are name servers configured to what is
considered best practices," Jackson told The Register. Preventing the
attack will require administrators to make changes to the software
running each vulnerable DNS server on the internet, he added.
Best Selling Security Books & More!