[dns-operations] dns-operations at lists.dns-oarc.net
fw at deneb.enyo.de
Fri May 11 20:46:04 UTC 2012

* Chris Adams:

> At that point, random botnets are not the problem. If you get an
> excessive number of queries from a customer, you can shut off the
> customer (because either they have broken software or they're infected).

This is not what happens in practice because query anomalies tend to
come in clusters, either because customers in the same region tend to
pick up similar malware or because they deliberately use the same
nominally non-malicious software which exhibits query anomalies
(perhaps because you've shipped it to them yourself).

Reflection through broadband routers is a possibility as well,