> I might be reading this wrong, but I don't think the point Randy was > trying to make was 'NS queries are an attack', 'UDP packets are an > attack' or 'IP packets are an attack' . I base this on the list of > queries Randy decided to include as relevant to the thesis Randy was > trying to make, instead of wholesale warning of IP, UDP or NS queries.
i was warning of an ndrek3 enumeration attack from the source netblock's ip space i am far from an expert in ndrek3 enumeration. but i naïvely assume that most tld rrs are ns so that is what they're after. but, as you say, that is beside the point. randy
