[151968] in North American Network Operators' Group
Re: DNS noise
daemon@ATHENA.MIT.EDU (Jimmy Hess)
Fri Apr 6 14:09:02 2012
In-Reply-To: <CAJAdsDkqxoe-=0wiC84u1KJEyZUqWesw5o5k3VkFzgbuWxpLew@mail.gmail.com>
Date: Fri, 6 Apr 2012 13:08:31 -0500
From: Jimmy Hess <mysidia@gmail.com>
To: PC <paul4004@gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Fri, Apr 6, 2012 at 12:52 PM, PC <paul4004@gmail.com> wrote:
> Of course you'd have to actually be running a poorly configured DNS server
> on that IP for this to work...
Right.... was that IP ever running a DNS service?
Picking random IPs to spoof and hope some of the random IPs happen to
be DNS servers
doesn't sound like a very "efficient" attack. It seems like the
attacker would want to
'probe first' before selecting innocent servers to reflect at
Perhaps 2 or 3% of the possible random IPs on the internet actually
run DNS servers
that could possibly respond to spoofed queries?
--
-JH
