> On 4. 9. 2013, at 16:50, Jim Reid <[email protected]> wrote: > > On 4 Sep 2013, at 15:40, Ondřej Surý <[email protected]> wrote: > >>> Check also ICMP "packet too big" coming in with ridiculous sizes, they >>> might be the sign that someone is trying the Shulman attack. >> >> True, but again, that might work for us, but not for average DNS operator. > > Indeed. But who is more likely to be the target of this type of attack > Ondřej, a TLD with decent DNS infrastructure or the name server for > jimswebsite.com? AFAIK the average DNS operator was not targeted for the 9K > ANY attacks. At least not yet.
Personally I would pick the incumbent ISP and a major banks DNS operators;). O. _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
