random dns queries with random sources

Dobbins, Roland rdobbins at arbor.net
Wed Feb 19 05:53:42 UTC 2014


On Feb 19, 2014, at 12:48 PM, Joe Maimon <jmaimon at ttec.com> wrote:

> What I can't figure out is what is the target and how this attack method is any more effective than the others.

The target appears to be the authoritative servers for the domain in question, yes?

The attacker may consider it more effective because it provides a degree of obfuscation, or maybe he has some reason to game the operators of the authoritative servers in question into denying requests from your recursors.

Most (not all) attackers don't know that much about TCP/IP, DNS, et al., and they tend to copycat one another and do the same things due to magical thinking.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

	  Luck is the residue of opportunity and design.

		       -- John Milton



