[169225] in North American Network Operators' Group
Re: random dns queries with random sources
daemon@ATHENA.MIT.EDU (Dobbins, Roland)
Wed Feb 19 00:55:43 2014
From: "Dobbins, Roland" <rdobbins@arbor.net>
To: North American Networking and Offtopic Gripes List <nanog@nanog.org>
Date: Wed, 19 Feb 2014 05:53:42 +0000
In-Reply-To: <530445A4.7090808@ttec.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Feb 19, 2014, at 12:48 PM, Joe Maimon <jmaimon@ttec.com> wrote:
> What I can't figure out is what is the target and how this attack method is any more effective than the others.
The target appears to be the authoritative servers for the domain in question, yes?
The attacker may consider it more effective because it provides a degree of obfuscation, or maybe he has some reason to game the operators of the authoritative servers in question into denying requests from your recursors.
Most (not all) attackers don't know that much about TCP/IP, DNS, et al., and they tend to copycat one another and do the same things due to magical thinking.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
Luck is the residue of opportunity and design.
-- John Milton