DNS noise

Jimmy Hess mysidia at gmail.com
Fri Apr 6 13:08:31 CDT 2012

On Fri, Apr 6, 2012 at 12:52 PM, PC <paul4004 at gmail.com> wrote:
> Of course you'd have to actually be running a poorly configured DNS server
> on that IP for this to work...

Right....  was that IP ever running a DNS service?

Picking random IPs to spoof and hope some of the random IPs happen to
be DNS servers
doesn't sound like a very "efficient" attack.    It seems like the
attacker would want to
'probe first'   before selecting innocent servers to reflect at

Perhaps 2 or 3%  of  the  possible random IPs on the internet actually
run DNS servers
that could possibly respond to spoofed queries?


More information about the NANOG mailing list