random dns queries with random sources

• Previous message (by thread): random dns queries with random sources
• Next message (by thread): random dns queries with random sources
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Feb 19, 2014, at 12:48 PM, Joe Maimon <jmaimon at ttec.com> wrote:

> What I cant figure out is what is the target and how this attack method is any more effective then the others.

The target appears to be the authoritative servers for the domain in question, yes?

The attacker may consider it more effective because it provides a degree of obfuscation, or maybe he has some reason to game the operators of the authoritative servers in question into denying requests from your recursors.

Most (not all) attackers don't know that much about TCP/IP, DNS, et. al, and they tend to copycat one another and do the same things due to magical thinking.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

	  Luck is the residue of opportunity and design.

		       -- John Milton

• Previous message (by thread): random dns queries with random sources
• Next message (by thread): random dns queries with random sources
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]