Shumon Huque writes: > Section 8, para 4: Is there a reference for the 'so-called Water Torture > attacks'? As a native English speaker, I know what that means, but it > isn't > clear to me that others will understand. > > Let me see if I can find one. I did request a reference from the DNSOP > colleague who originally suggested that we cite this attack - I don't think he > was able to find one.
Personally I've never liked the "water torture" moniker, or its alternative "slow drip" appellation, as they don't feel particularly apt as a metaphor. I prefer the more descriptive "pseudorandom subdomain attack". That said, I believe it was first publicly described as Slow Drip / Water Torture in a presentation by Kei Nishida at APRICOT 39 in 2015, though the first observations of the resolver exhaustion technique were made by Ziqian Liu in a presentation to DNS-OARC in 2009 (though without calling out the random subdomain component, which maybe wasn't in play at the time). Kei Nishida presentation: https://conference.apnic.net/data/39/dnswatertortureonqtnet_1425130417_1425507043.pptx https://www.slideshare.net/slideshow/dnswatertortureonqtnet-1425130417-1425507043/45445438 Ziquian Liu presentation: https://www.dns-oarc.net/files/workshop-200911/Ziqian_Liu.pdf For an academic reference with a durable URL that describes it, Xi Luo, et al, published "A Large Scale Analysis of DNS Water Torture Attack " with the ACM in 2018, https://dl.acm.org/doi/pdf/10.1145/3297156.3297272 Personally I think I'd reference the Kei Nishida work as the first indication of the method for resolver resource exhaustion by using random non-existent subdomains, but use the pseudorandom subdomain attack term. _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
