> > What I don't understand is that the source adresses are mostly out > > of dynamic address pools from broadband ISP around the world. > > So the victims are residentinal users? > > No, most likely the residential users have CPEs with DNS proxies which > are open to queries from the WAN side. Thus the attack is typically: > spoofed source -> CPE -> name server -> CPE -> DoS of spooofed source Oh, thanks. That's the missing link. _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] annoying DDoS attack on ns0.rfc1035.com
Zuleger, Holger, Vodafone Germany Mon, 11 Jun 2012 01:06:15 -0700
- Re: [dns-operations] annoying DDoS ... Paul J. Smith
- Re: [dns-operations] annoying D... Stephane Bortzmeyer
- Re: [dns-operations] annoying DDoS ... DTNX Postmaster
- Re: [dns-operations] annoying D... Paul J. Smith
- Re: [dns-operations] annoying DDoS attac... DTNX Postmaster
- Re: [dns-operations] annoying DDoS attac... Paul Vixie
- Re: [dns-operations] annoying DDoS ... Jan Inge Sande
- Re: [dns-operations] annoying D... Jim Reid
- Re: [dns-operations] annoying DDoS attac... Zuleger, Holger, Vodafone Germany
- Re: [dns-operations] annoying DDoS ... sthaug
- Re: [dns-operations] annoying D... Zuleger, Holger, Vodafone Germany
- Re: [dns-operations] annoying D... Livingood, Jason
- Re: [dns-operations] annoyi... Jan-Piet Mens
- Re: [dns-operations] an... Wessels, Duane
- Re: [dns-operations] annoying DDoS attac... Tony Finch
