Re: random dns queries with random sources

[Joe Maimon <jmaimon () ttec com>]

Dobbins, Roland wrote:
> On Feb 19, 2014, at 12:48 PM, Joe Maimon <jmaimon () ttec com> wrote:
>
> > What I cant figure out is what is the target and how this attack method is any more effective then the others.
>
> The target appears to be the authoritative servers for the domain in question, yes?

I dont think so, but I have not compiled the full list of domains and 
compared the auth servers for each.

> The attacker may consider it more effective because it provides a degree of obfuscation, or maybe he has some reason to 
> game the operators of the authoritative servers in question into denying requests from your recursors.
>
> Most (not all) attackers don't know that much about TCP/IP, DNS, et. al, and they tend to copycat one another and do 
> the same things due to magical thinking.
>
> -----------------------------------------------------------------------
> Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>
>
>           Luck is the residue of opportunity and design.
>
>                        -- John Milton