[dns-operations] How many kinds of DNS DoS attacks are we trying to stop?
Stephane Bortzmeyer
bortzmeyer at nic.fr
Thu Sep 27 20:54:59 UTC 2012
On Fri, Sep 28, 2012 at 08:11:25AM +1200,
Sebastian Castro <sebastian at nzrs.net.nz> wrote
a message of 37 lines which said:
> I tested that while at CAIDA in order to qualify the sources of
> traffic hitting the root servers. Most of the OS fingerprinting is
> based on variations of the TCP handshake flags + other TCP elements.
Do note that this tool claims to be able to fingerprint sometimes with
only one packet:
http://lcamtuf.coredump.cx/p0f3/
But it's only TCP. The UDP header is really small and carries little
information.
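
As an added illustration (not part of the original message, and not p0f's code or signature format), this Python sketch parses a constructed TCP SYN header and a constructed UDP header to compare what each exposes to a passive observer. The byte strings, port numbers and function names are assumptions made for the example.

```python
import struct

# Constructed sample headers (not captured traffic); all values are made up.
# TCP SYN: 20 fixed bytes + 20 option bytes (MSS, SACK-permitted, timestamps, NOP, window scale).
TCP_SYN = bytes.fromhex(
    "c0de0035" "00000001" "00000000" "a002" "7210" "0000" "0000"
    "020405b4" "0402" "080a0000000100000000" "01" "030307"
)
# UDP header in front of a DNS query: the entire header is 8 bytes.
UDP_HDR = bytes.fromhex("c0de0035" "0025" "0000")

OPT_NAMES = {0: "eol", 1: "nop", 2: "mss", 3: "ws", 4: "sok", 5: "sack", 8: "ts"}

def tcp_features(hdr):
    """Extract header fields whose values and ordering vary between TCP stacks."""
    if len(hdr) < 20:
        raise ValueError("short TCP header")
    _, _, _, _, off_flags, window, _, _ = struct.unpack("!HHIIHHHH", hdr[:20])
    hdr_len = (off_flags >> 12) * 4
    if hdr_len < 20 or hdr_len > len(hdr):
        raise ValueError("bad TCP data offset")
    feats = {"flags": off_flags & 0x1FF, "window": window, "mss": None, "wscale": None, "layout": []}
    opts, i = hdr[20:hdr_len], 0
    while i < len(opts):
        kind = opts[i]
        feats["layout"].append(OPT_NAMES.get(kind, f"?{kind}"))
        if kind == 0:            # end of option list
            break
        if kind == 1:            # NOP is a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed TCP option")
        length = opts[i + 1]
        if kind == 2 and length == 4:
            feats["mss"] = struct.unpack("!H", opts[i + 2:i + 4])[0]
        elif kind == 3 and length == 3:
            feats["wscale"] = opts[i + 2]
        i += length
    return feats

def udp_features(hdr):
    """The UDP header has exactly four fixed 16-bit fields and no options."""
    if len(hdr) < 8:
        raise ValueError("short UDP header")
    sport, dport, length, checksum = struct.unpack("!HHHH", hdr[:8])
    return {"sport": sport, "dport": dport, "length": length, "checksum": checksum}

if __name__ == "__main__":
    print(tcp_features(TCP_SYN), udp_features(UDP_HDR))
```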