[dns-operations] Fwd: [AusNOG] Layer 7 - Distrusted Source (within a single AS) Distrusted Distention - Denial of Service Attack

Warren Kumari warren at kumari.net
Tue Oct 15 09:34:29 UTC 2013

On Oct 15, 2013, at 12:04 PM, Roland Dobbins <rdobbins at arbor.net> wrote:

> Damian Menscher <damian at google.com> wrote:
>> I'm curious if anyone knows the significance of that 7-byte string? 
> Absent any information to the contrary, my guess it's the sort of nonsensical padding we often see with synthetically-generated attack traffic, like the weird, malformed DNS semi-queries the attackers generated as the main volumetric component of the 'Operation Ababil' attacks (and targeted at Web servers, go figure). 
> If anyone has a more cogent explanation, I'd be grateful for clue, thanks! 

Well, if you XOR it with \x66\xcc\x36\x25\x36\x37 you get \x36\x36\x36\x2d\x36\x36\x36, which in ASCII is "666-666".  :-O And, even scarier, if you XOR the original string it with itself you  just get nulls…


People got very excited about the significant mathematical fact that its height plus its length divided by half its width almost precisely equalled 1.67563, or precisely 1,237.98712567 times the difference between the distance to the sun and the weight of a small orange. It was held that something like this could not ''possibly' have come about by chance.

(sorry, the presentation I'm currently listening to is very boring…)

> ---------------------------------------
> Roland Dobbins <rdobbins at arbor.net>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs

My memory is failing, so I changed my password to "incorrect".
That way, when I login with the wrong password the computer tells me… "Your password is incorrect".

More information about the dns-operations mailing list