random dns queries with random sources

Dobbins, Roland rdobbins at arbor.net
Wed Feb 19 03:46:39 UTC 2014

On Feb 19, 2014, at 10:32 AM, Joe Maimon <jmaimon at ttec.com> wrote:

> How is this any more effective then sending it direct?

If they're attacking the authoritative DNS servers for 5kkx.com, just reflecting gives them indirection and presumably makes traceback harder for 5kkx.com (at least, in the minds of the attackers).

Or maybe they're trying to game 5kkx.com into blocking requests from the recursive servers in question, for some reason.

Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

	  Luck is the residue of opportunity and design.

		       -- John Milton

More information about the NANOG mailing list