Joe Greco <[email protected]> wrote: > > Assuming that the CPE is a NAT (effectively firewalling clients from > poisoning attacks) and/or that the individual clients have well- > designed, impervious resolvers is likely to be a fail.
I was under the impression that a common failure of NATs is that they sometimes defeat source port randomization, so they can make it easier for an attacker to poison a cache that is behind a NAT than an exposed cache. Tony. -- f.anthony.n.finch <[email protected]> http://dotat.at/ Trafalgar: Cyclonic in northwest, otherwise mainly northerly or northwesterly 5 or 6. Slight or moderate. Showers in northwest. Good. _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
