[dns-operations] Force TCP for external quereis to Open Resolvers?

Jim Reid jim at rfc1035.com
Sun Mar 31 16:23:26 UTC 2013

On 31 Mar 2013, at 17:09, Vernon Schryver <vjs at rhyolite.com> wrote:

> What's the profit for the bad guy in spending 10 bps of botnet
> bandwidth to reflect 9 bps at the target?

Having the reflected traffic appear to come from trusted name servers instead of his botnet perhaps? Though since the botnet almost certainly won't implement BCP38, I suppose the bad guy could put bogus source addresses in the outgoing packets anyway,

More information about the dns-operations mailing list