Dimitri, Please find my responses in-line...
On 03/10/2013 07:07 PM, Dmitry Anipko wrote:
> In such an attack, is the attacker on the path between the victim and
> the server?

No.

> If yes, there are more efficient ways how they can DoS
> the victim. If no, how does the attacker know which of the billions
> hosts on the Internet will be talking to this DNS server in the next
> second (in order to send packets with fake source address to that
> particular victim host)?

Simple example: Think about the DNS "client" being the caching DNS server of a large ISP, and the DNS server the authoritative server for a zone.

> Separately from that, how often network operators deploy egress
> filtering, that drops packets from malicious hosts sent with fake
> source addresses?

This one was answered by Mark Andrews, already.

Thanks,
--
Fernando Gont
SI6 Networks
e-mail: [email protected]
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
