Ronald F. Guilmette <r...@tristatelogic.com> wrote: > > P.P.S. Yes, yes, I _am_ aware... as someone will surely point out... > that part (1) above contains the seed of potential abuse. A malicious > prankster could, in theory send spoofed packets of type (1) above to > lots and lots of DNS servers which he believes that his real victim, A, > might be needing to send legitimate DNS/UDP queries to... and needing > to get legitimate DNS/UDP queries back from... in the near/immediate future.
More amusingly, what if you send lots of these packets to an authoritative name server spoofed "from" legitimate resolvers? The authoritative server then has to shift a large proportion of its responses to TCP, which might cause problems. Tony. -- f.anthony.n.finch <d...@dotat.at> http://dotat.at/ Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first. Rough, becoming slight or moderate. Showers, rain at first. Moderate or good, occasionally poor at first. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users