On Fri, Apr 6, 2012 at 12:52 PM, PC <[email protected]> wrote: > Of course you'd have to actually be running a poorly configured DNS server > on that IP for this to work...
Right.... was that IP ever running a DNS service? Picking random IPs to spoof and hope some of the random IPs happen to be DNS servers doesn't sound like a very "efficient" attack. It seems like the attacker would want to 'probe first' before selecting innocent servers to reflect at Perhaps 2 or 3% of the possible random IPs on the internet actually run DNS servers that could possibly respond to spoofed queries? -- -JH
