random dns queries with random sources

Joe Maimon jmaimon at ttec.com
Wed Feb 19 06:11:28 UTC 2014


Dobbins, Roland wrote:
>
> On Feb 19, 2014, at 12:48 PM, Joe Maimon <jmaimon at ttec.com> wrote:
>
>> What I cant figure out is what is the target and how this attack method is any more effective then the others.
>
> The target appears to be the authoritative servers for the domain in question, yes?

I dont think so, but I have not compiled the full list of domains and 
compared the auth servers for each.

>
> The attacker may consider it more effective because it provides a degree of obfuscation, or maybe he has some reason to game the operators of the authoritative servers in question into denying requests from your recursors.
>
> Most (not all) attackers don't know that much about TCP/IP, DNS, et. al, and they tend to copycat one another and do the same things due to magical thinking.
>
> -----------------------------------------------------------------------
> Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
>
> 	  Luck is the residue of opportunity and design.
>
> 		       -- John Milton
>
>
>
>



More information about the NANOG mailing list