> Someone mentioned that as soon as the spoofed client is blocked, that > a new spoofed client is used... This behavior seems... strange. How I can't confirm this behaviour.
> quick is this shift? How would one know when to shift the target? The > modes I _can_ come up with largely involve having some sort of > information about what is reaching the target. (bandwidth or traffic > sources) This just leads to more interesting questions about those > perpetrating the attacks, and their intent. Is there an obvious way of > discerning the time to switch targets that I am missing? Is this a > non-interesting topic? My observation is that the source adress is changing anyway after a while. With or without blocking. _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs