[dns-operations] How many kinds of DNS DoS attacks are we trying to stop ?

Stephane Bortzmeyer bortzmeyer at nic.fr
Thu Sep 27 20:54:59 UTC 2012

On Fri, Sep 28, 2012 at 08:11:25AM +1200,
 Sebastian Castro <sebastian at nzrs.net.nz> wrote 
 a message of 37 lines which said:

> I tested that while at CAIDA in order to qualify the sources of
> traffic hitting the root servers. Most of the OS fingerprinting is
> based on variations of the TCP handshake flags + other TCP elements.

Do note that this tool claims to be able to fingerprint sometimes with
only one packet:


But it's only TCP. The UDP header is really small and carries little

More information about the dns-operations mailing list