-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In message <5411d5b6.8090...@isc.org>, Cathy Almond <cat...@isc.org> writes

>There's a lot of this about.

I agree ... and I have some extensive measurements of it

>We did awhile back wonder if it was botnet-related, but I've not (yet)
>seen any persuasive evidence that it is.

I agree with the view that it's an attack on the authoritative server and I have been told that it's pretty effective at that!

Although the attack could be done with a botnet or by reflecting traffic off end-user equipment, many of the attacks I have seen involve source IP spoofing. I deduce this by noting that a fairly large percentage of the traffic comes from blocks of IPs that are not currently routed on the open Internet.

I wonder the extent to which the end-user equipment is being blamed when it's just routed IPs which are being used. It would be interesting to confirm my observation (or at least segment the attacks into those where this is a tactic).

- -- 
Dr Richard Clayton <richard.clay...@cl.cam.ac.uk>
tel: 01223 763570, mobile: 07887 794090
Computer Laboratory, University of Cambridge, CB3 0FD

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBVBHxPeINNVchEYfiEQKPRACg7yt9a9az8VQsiihd0cl2vgnOLnMAnini
FA9ZQDkDekigzaI5BaLP4MeQ
=Pj+P
-----END PGP SIGNATURE-----
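An added example (not part of the original message or of any tool the poster used) of the segmentation suggested above: for each attacked zone, measure what share of query sources fall outside currently routed address space. The log format, the prefix snapshot, the two-label zone heuristic and the 0.5 threshold are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed stand-in for a BGP routing-table snapshot (documentation ranges).
ROUTED = [ipaddress.ip_network(p)
          for p in ("192.0.2.0/24", "198.51.100.0/25", "2001:db8:1::/48")]

# Constructed authoritative-server query log, one "<source-ip> <qname>" per line.
SAMPLE_LOG = """\
192.0.2.10 kqzx.victim-a.example.
203.0.113.7 plmw.victim-a.example.
203.0.113.99 abcd.victim-a.example.
198.51.100.200 wxyz.victim-a.example.
198.51.100.5 aaaa.victim-b.example.
192.0.2.77 bbbb.victim-b.example.
2001:db8:1::53 cccc.victim-b.example.
not-an-ip dddd.victim-b.example.
"""

def is_routed(addr, routed=ROUTED):
    """True if addr is covered by any prefix in the snapshot.
    Linear scan for clarity; a full table needs a radix trie."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == net.version and ip in net for net in routed)

def zone_of(qname, labels=2):
    """Approximate the attacked zone as the last `labels` labels (assumption)."""
    return ".".join(qname.rstrip(".").lower().split(".")[-labels:])

def segment(log_text, threshold=0.5):
    """Per zone: query count, unrouted-source count and share, spoofing flag.
    A source in unrouted space cannot receive replies, so it was forged."""
    counts = defaultdict(lambda: [0, 0])          # zone -> [total, unrouted]
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        try:
            routed = is_routed(parts[0])
        except ValueError:                        # malformed source field
            continue
        entry = counts[zone_of(parts[1])]
        entry[0] += 1
        entry[1] += 0 if routed else 1
    return {z: {"queries": t, "unrouted": u, "share": u / t,
                "spoofing_likely": u / t >= threshold}
            for z, (t, u) in counts.items()}

if __name__ == "__main__":
    for zone, stats in segment(SAMPLE_LOG).items():
        print(zone, stats)
```

A low unrouted share does not rule out spoofing, since forged sources can also be drawn from routed space; the measure only confirms the cases where unrouted blocks are used.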