nanog mailing list archives
Re: random dns queries with random sources
From: Joe Maimon <jmaimon () ttec com>
Date: Wed, 19 Feb 2014 01:11:28 -0500
Dobbins, Roland wrote:
On Feb 19, 2014, at 12:48 PM, Joe Maimon <jmaimon () ttec com> wrote:What I cant figure out is what is the target and how this attack method is any more effective then the others.The target appears to be the authoritative servers for the domain in question, yes?
I dont think so, but I have not compiled the full list of domains and compared the auth servers for each.
The attacker may consider it more effective because it provides a degree of obfuscation, or maybe he has some reason to game the operators of the authoritative servers in question into denying requests from your recursors. Most (not all) attackers don't know that much about TCP/IP, DNS, et. al, and they tend to copycat one another and do the same things due to magical thinking. ----------------------------------------------------------------------- Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com> Luck is the residue of opportunity and design. -- John Milton
Current thread:
- Re: random dns queries with random sources, (continued)
- Re: random dns queries with random sources Anurag Bhatia (Feb 19)
- Re: random dns queries with random sources Dobbins, Roland (Feb 18)
- Re: random dns queries with random sources Christopher Morrow (Feb 18)
- Re: random dns queries with random sources Christopher Morrow (Feb 18)
- Re: random dns queries with random sources Dobbins, Roland (Feb 18)
- Re: random dns queries with random sources sthaug (Feb 19)
- Re: random dns queries with random sources Christopher Morrow (Feb 18)
- Re: random dns queries with random sources Dobbins, Roland (Feb 18)
- Re: random dns queries with random sources George Herbert (Feb 18)
- Re: random dns queries with random sources Joe Maimon (Feb 18)
- Re: random dns queries with random sources Dobbins, Roland (Feb 18)
- Re: random dns queries with random sources Joe Maimon (Feb 18)
- Re: random dns queries with random sources Owen DeLong (Feb 18)
- Re: random dns queries with random sources Joe Maimon (Feb 18)
- Re: random dns queries with random sources sthaug (Feb 19)
- Re: random dns queries with random sources Dobbins, Roland (Feb 19)
- Re: random dns queries with random sources Simon Perreault (Feb 19)
- Re: random dns queries with random sources Tempest (Feb 19)
- RE: random dns queries with random sources Beeman, Davis (Feb 19)