Here are some dns servers I gathered/scanned during the time I researched this months ago(that appear to still be up):
68.1.199.151 68.1.196.116 68.1.195.161 68.1.193.177 Just remember when you test/capture packets that the domain being resolved must NOT exist(ie. "x"). On Thu, 2 Mar 2006, Gadi Evron wrote: > [EMAIL PROTECTED] wrote: > > While you're on the subject of the potentials of DOSing using DNS servers, > > I noticed several months ago some possible abuses myself, although I soon > > lost interest for some reason or another. > > > > I noticed that a portion of the worlds DNS servers for some reason or > > another send back large amounts of duplicate replies if, and only if, the > > domain being resolved does not exist. > > > > The amount of duplicates seems to range between 2 and 24(in steps of 2, 4, > > 8, 12, 16, 20 and 24), where each reply packet is roughly 2.5x(including IP > > header) larger than the original request(because of the SOA). So, for > > example one request to a DNS server that sends 24 dups back would roughly > > equal 60x(24*2.5) amplification of data. > > This is very interesting. I don't have any idea why that is happeniong > (yet). Can you share packet captures? >
