[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

random dns queries with random sources

Subject: random dns queries with random sources
From: jmaimon at ttec.com (Joe Maimon)
Date: Wed, 19 Feb 2014 00:48:20 -0500
In-reply-to: <CAK__KztwDR0U1gWFhQhRdX=Dn49jeUrFpJUf0Z0JTVNYonSViA@mail.gmail.com>
References: <[email protected]> <[email protected]> <CAK__KztwDR0U1gWFhQhRdX=Dn49jeUrFpJUf0Z0JTVNYonSViA@mail.gmail.com>

George Herbert wrote:
> Right.  Nonzero chances that you (Joe's site) are the target...
>
> Also, check if you have egress filtering of spoofed addresses below these
> DNS resources, between them and any user objects.  You could be sourcing
> the spoofing if not...

It seems to me that the same|similar dataset of open resolvers to be 
used for amplification attacks is also being used for this sort of 
thing, and the overall effect is not large enough to indicate my 
resources are a target.

What I cant figure out is what is the target and how this attack method 
is any more effective then the others.

Joe

Follow-Ups:
- random dns queries with random sources
  - From: rdobbins at arbor.net (Dobbins, Roland)
- random dns queries with random sources
  - From: owen at delong.com (Owen DeLong)

References:
- random dns queries with random sources
  - From: jmaimon at ttec.com (Joe Maimon)
- random dns queries with random sources
  - From: rdobbins at arbor.net (Dobbins, Roland)
- random dns queries with random sources
  - From: george.herbert at gmail.com (George Herbert)

Prev by Date: random dns queries with random sources
Next by Date: random dns queries with random sources
Previous by thread: random dns queries with random sources
Next by thread: random dns queries with random sources
Index(es):
- Date
- Thread