Damian Menscher writes: > I'm curious if anyone knows the significance of that 7-byte string? They > say it's common to all attack traffic, whether the query or the response, > so that suggests it's the qname. But it doesn't look like a valid qname > to me, so open resolvers wouldn't respond to it with any amplification. > What am I missing?
The original report is quite unclear on where the string occurs in the packet. It could just be a common prefix for domain names for which the responding resolvers would provide large negative answers. _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
