> On Oct 14, 2020, at 3:34 PM, Eric Kuhnke <eric.kuh...@gmail.com> wrote: > > I think he means packet captures from an example, voluntarily-tested > recursive nameserver subject to this attack.
Thanks. We have updated all the report pages with a self-test tool specific to the network associated with the report. This should allow a network admin that received our report to check whether or not the condition still exists and to perform a packet capture from whatever vantage point they want in their network. A more general tool (i.e., for anyone to use) will be made available in the future. Cheers, Casey > > > On Wed, Oct 14, 2020 at 11:53 AM Casey Deccio <ca...@deccio.net > <mailto:ca...@deccio.net>> wrote: > Hi Bryan, > > > On Oct 14, 2020, at 12:43 PM, Bryan Holloway <br...@shout.net > > <mailto:br...@shout.net>> wrote: > > > > I too would like to know more about their methodology > > We've written up our methodology and results in a paper that will be > available in a few weeks. Happy to post it here if folks are interested. > Obviously, no networks are individually identified; it's all aggregate. > > Also, we're working on a self-test tool, but it's not quite ready yet. Sorry. > > > and actual tangibles ideally in the form of PCAPs. > > What do you mean by "tangibles in the form of PCAPs"? > > Casey