[dns-operations] Why would an MTA issue an ANY query instead of an MX query?
cmadams at hiwaay.net
Tue Jun 12 00:14:14 UTC 2012
Once upon a time, Mark Andrews <marka at isc.org> said:
> If we have Attacker -> CPE -> Auth -> CPE -> Target why isn't the CPE
> returning answers from its cache?
Most of the CPE just run a DNS proxy (e.g. dnsmasq on Linux-based
boxes), not a full cache. Even if they ran a cache, the attack would
still be CPE->Target (just not going to another server in-between). It
is easier to find an open CPE being used to attack and shut it down when
it sends every request back out to the ISP's recursive servers.
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
More information about the dns-operations