If I had a dollar for every 'scary security alert' email received in a NOC email inbox from a 'security researcher group' that is the results of a port scan, or some small subset of trojan infected residential endpoint computers attempting outbound connections on ($common_service_port), or similar...
On Tue, Oct 13, 2020 at 7:50 PM Chris Adams <c...@cmadams.net> wrote: > Once upon a time, Eric Kuhnke <eric.kuh...@gmail.com> said: > > Considering that one can run an instance of an anycasted recursive > > nameserver, under heavy load for a very large number of clients, on a > $600 > > 1U server these days... I wonder what exactly the threat model is. > > A customer forwarded one of these notices to us - looked like it's about > recursive DNS cache poisoning. It's been a while since I looked > closely, but I thought modern recursive DNS software was pretty > resistant to that, and anyway, the real answer to that is DNSSEC. > > I could be wrong, but getting a scary-sounding OMG SECURITY ALERT email > from some group I've never heard of (and haven't AFAIK engaged the > community about their "new" attack, scans, or notices)... seems more > like shameless self promotion. > > -- > Chris Adams <c...@cmadams.net> >
