nanog mailing list archives
Re: swedish dns zone enumerator
From: Randy Bush <randy () psg com>
Date: Thu, 02 Nov 2023 08:13:10 -0700
I might be reading this wrong, but I don't think the point Randy was trying to make was 'NS queries are an attack', 'UDP packets are an attack' or 'IP packets are an attack' . I base this on the list of queries Randy decided to include as relevant to the thesis Randy was trying to make, instead of wholesale warning of IP, UDP or NS queries.
i was warning of an ndrek3 enumeration attack from the source netblock's ip space i am far from an expert in ndrek3 enumeration. but i naïvely assume that most tld rrs are ns so that is what they're after. but, as you say, that is beside the point. randy
Current thread:
- Re: swedish dns zone enumerator Amir Herzberg (Nov 01)
- <Possible follow-ups>
- Re: swedish dns zone enumerator Mark Andrews (Nov 01)
- Re: swedish dns zone enumerator Randy Bush (Nov 01)
- Re: swedish dns zone enumerator Mark Andrews (Nov 02)
- Re: swedish dns zone enumerator Saku Ytti (Nov 02)
- Re: swedish dns zone enumerator Randy Bush (Nov 02)
- Re: swedish dns zone enumerator Randy Bush (Nov 01)
- Re: swedish dns zone enumerator John McCormac (Nov 02)
- Re: swedish dns zone enumerator Stephane Bortzmeyer (Nov 02)
- Re: swedish dns zone enumerator Mark Andrews (Nov 02)