Security Incidents mailing list archives
[no subject]
From: David Knaack <dknaack () RDTECH COM>
Date: Fri, 27 Oct 2000 17:07:14 -0500
From: "Abe Getchell" <agetchel () KDE STATE KY US>
If all of Mirror Image's sites are 'sending out an RTT packet' to our DNS servers after it receives a name resolution request, wouldn't we be seeing one connection coming from multiple IP addresses instead of multiple connections from one IP address?
Perhaps the multiple sites spoof the source address so that the replies all go back to a common point for analysis? That would eliminate a step in the process of compairing the various available routes to the server, and therefore provide a bit faster reply to the DNS query. DK
Current thread:
- [no subject] Abe Getchell (Oct 28)
- [no subject] David Knaack (Oct 31)