[dns-operations] DNS deluge for x.p.ctrc.cc

Geo. geoincidents at nls.net
Wed Mar 1 19:41:32 UTC 2006

> Ejay Hire wrote:
> > If the ISP fixes their DNS servers to restrict the Ips for
> > which they answer recursive queries, then those fixed DNS
> > servers will ignore the spoofed request because the spoofed
> > request appears to come from an IP that hey do not serve.
> I believe Geo actually meant something different. I also did not
> understand his meaning at all at first... then he further explained.
> As the bots are in the ISP's allowed space, the ISP's DNS server will
> allow recursion to these bots.

Almost but not quite. If the ISP limits access to the recursive servers via
a firewall between the internet and the ISP but not between their customers
and the dns servers then spoofed requests from local clients will be
accepted by the dns servers since they never pass thru the firewall.


More information about the dns-operations mailing list