[dns-operations] Statistics from Austria

Frederico A C Neves fneves at registro.br
Tue Jul 29 08:53:28 UTC 2008

On Tue, Jul 29, 2008 at 10:33:29AM +0200, bert hubert wrote:
> On Tue, Jul 29, 2008 at 12:54:55AM +0100, Ray.Bellis at nominet.org.uk wrote:
> > > If you take these into account, that might be a large quantity of 
> > > spotted nodes.
> > 
> > Most residential CPE don't have resolvers, they have DNS proxies (of 
> > varying quality).
> While this is true, anybody doing DNS queries over UDP using a static source
> port is at risk. A full resolver serving a million users is of course a
> bigger bounty than a domestic router serving a single home.

I suppose on proxies the odds of success of this attack are quite low
based on the absence of the cache to poison. A proxy in this situation
works kind like a stateful firewall for DNS packets.


More information about the dns-operations mailing list