On Sat, Jan 24, 2015 at 07:29:27AM -0800,
 Paul Ferguson <fergdawgs...@mykolab.com> wrote 
 a message of 47 lines which said:

> I have not found & delved into the MCB documents in depth, but from
> the cursory description, this sounds like nothing more than Passive DNS
> monitoring, 

No, MoreCowBell has two parts, passive monitoring *and* active search
by dictionary attacks through open resolvers (to hide the true source)
<http://s1.lemde.fr/mmpub/edt/zip/20150123/194433/assets/images/nsa/3-534x401.jpg>,
last two bullets.

> pDNS does nothing more than track historical resolution data between
> recursive and authoritative DNS servers, and in fact does *not*
> track queries made between stub/end-systems and recursive resolvers,
> so there is no tracking of *who* made any specific DNS query.

Known passive DNS systems like DNSDB or PassiveDNS.cn do not keep
track of the source IP address (or of the query), for privacy (and
costs) reasons but nothing says that MoreCowBell is so well-behaved.


_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
