[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

DNS noise

Subject: DNS noise
From: mysidia at gmail.com (Jimmy Hess)
Date: Fri, 6 Apr 2012 13:08:31 -0500
In-reply-to: <CAJAdsDkqxoe-=0wiC84u1KJEyZUqWesw5o5k3VkFzgbuWxpLew@mail.gmail.com>
References: <8C26A4FDAE599041A13EB499117D3C287CA17C7F@EX-MB-1.corp.atlasnetworks.us> <CABO8Q6QrNbwe_Z-DV9xLVqF0gVBs1ntT=DtwDujSEZipoNSfkw@mail.gmail.com> <CAJAdsDkqxoe-=0wiC84u1KJEyZUqWesw5o5k3VkFzgbuWxpLew@mail.gmail.com>

On Fri, Apr 6, 2012 at 12:52 PM, PC <paul4004 at gmail.com> wrote:
> Of course you'd have to actually be running a poorly configured DNS server
> on that IP for this to work...

Right....  was that IP ever running a DNS service?

Picking random IPs to spoof and hope some of the random IPs happen to
be DNS servers
doesn't sound like a very "efficient" attack.    It seems like the
attacker would want to
'probe first'   before selecting innocent servers to reflect at

Perhaps 2 or 3%  of  the  possible random IPs on the internet actually
run DNS servers
that could possibly respond to spoofed queries?

--
-JH

References:
- DNS noise
  - From: nathan at atlasnetworks.us (Nathan Eisenberg)
- DNS noise
  - From: keegan.holley at sungard.com (Keegan Holley)
- DNS noise
  - From: paul4004 at gmail.com (PC)

Prev by Date: DNS noise
Next by Date: DNS noise
Previous by thread: DNS noise
Next by thread: DNS noise
Index(es):
- Date
- Thread