On Tue, Aug 04, 2015 at 06:15:43PM -0400, Ted Lemon <[email protected]> wrote a message of 312 lines which said:
> because the client may be an open resolver that implements cookies, > and indeed open resolvers that implement cookies will now be > specially favored as attack vectors. The vast majority of open resolvers are broken CPE, with a poor and limited implementation of DNS, or very old BIND not maintained for years. I think it's unlikely they will be upgraded to support cookies. > And of course botnet attackers have legit IP addresses and use them, If you do a reflection attack, or a poisoning attack, you cannot use your legit IP address. _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
