Once upon a time, Mark Andrews <ma...@isc.org> said:
> If we have Attacker -> CPE -> Auth -> CPE -> Target why isn't the CPE
> returning answers from its cache?

Most of the CPE just run a DNS proxy (e.g. dnsmasq on Linux-based boxes), not a full cache. Even if they ran a cache, the attack would still be CPE->Target (just not going to another server in-between).

It is easier to find an open CPE being used to attack and shut it down when it sends every request back out to the ISP's recursive servers.

--
Chris Adams <cmad...@hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.