|
|
| Applications |
| Mailing Lists |
| Miscellaneous |
| Operating Systems |
| Programming |
RE: Possible DOS against search engines?
Date: Mon Feb 03 2003 - 19:28:29 EST
Responses inline...
jasonk
> -----Original Message-----
> From: Rob Shein [mailto:shoten@starpower.net]
for
> clarity, and assume a decent webcrawler.
languages,
> enormous expanse, and endless misspellings, I think anything you could
Agreed; I imagine most other "words" would be already indexed as initials, abbreviations, etc etc
> > 2. You place that generator somewhere and submit the URL to
sites
> that link to each other? They notice this, and move on.
This can be addressed by a dynamic generator.
http://www.evilserver.com/dynamicwordgenerator/adsf97erncv
This page would link to a randomly generated series of characters that are all in the directory of /dynamicwordgenerator/ and hence the server just replies to anything in /dynamicwordgenerator/ with another dynamic random load of rubbish and a few more randomly generated links.
> > 4. Upon adding the gathered words to the search engine's
Irrelevant; if the search engines are so heavily overloaded, searches will take some time to trawl through huge databases. But as said above, it will be nothing more than a drop in the ocean.
> > - craft fake words so that they attack a specific hash
I don't understand this one ?
> This would be noticed by the search engine long before it became a
real
> problem, and it would be addressed. This is how they deal with many
means.
Yep.
> > - craft fake words so that they disbalance a b-tree
database
> and quickly address the issue. What about a bit of code that states
that
> if
> more then 5% of the words in a page are unique in the database, that
that
> page is dropped?
in
> my
> site. And if I didn't notice, my hosting provider would.
Dynamic. No lack of space, and no oddly-named pages. Ff it were a old vuln based worm such as the recent sql worm, I doubt that many of those admins would be looking at their logs...
> > Please note that the setup described differs from the
As you said, you'd have to have bandwidth -- though I don't see it
having the same effect on the internet as the sql worm did -- but as
spiders and the like are (and if they're not, they should be)
deliberately limited as to the rate of requests they make, there should
be little issue.
Another option to counter the issue of words is to use a dictionary and just pump random words in; this will clog the databases. Though you'd have to do it *mighty* quickly for them not to notice. I think google takes over a month before it ends up getting back to indexing the same site.
Maybe, since it's a worm, you'd have the 'source' web server installation which sends it's worm code to the 'destination' web server. Each time you get a successful infection, that address is added to the list of servers, and you can use this address to generate bad pages as well? So as well as www.evilserver.com generating pages, you've got some increasing number of servers doing so ... maybe as a side effect you'd increase the "backlog" of sites needing to be indexed. Again I doubt it'd be long before they noticed this.
> > Philip Stoev
> >
Received on Wed Feb 5 12:22:18 2003
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:38 EDT
|
Contact Us Legal Notices Order Services Online Pantek Home Privacy Policy IT news Site Map Pantek Library |