2 Nov
2012
2 Nov
'12
3:59 a.m.
On 2 November 2012 10:05, Juha Saarinen
http://blog.cloudflare.com/deep-inside-a-dns-amplification-ddos-attack
The article notes without elaboration: "In order to increase your attack's volume, you could try and add more compromised machines to your botnet. That is becoming increasingly difficult. " Is that good news, or have botted devices reached saturation? That there aren't any un-botted left to be taken. And I'm a bit confused, "That's a 64 byte query that resulted in a 3,223 byte response." My understanding was at a certain size of response, DNS switched to TCP to return results, but maybe the unsolicited response handshake is accepted blindly?
Juha Saarinen AITTP
Hamish. -- http://hamish.kiwi.me