27 Sep 2012, 2:26 p.m.
On Thu, Sep 27, 2012 at 12:12:50PM -0400, Patrick W. Gilmore <patrick@ianai.net> wrote a message of 32 lines which said:
> I do not know of any name servers that reply to queries with UDP packets filled with only the letter X. The DNS Headers alone require more than the letter "X".
Yes, you're right, but I'm not sure we should take the original report too literally. Maybe he meant there were a lot of X in the packets (and he missed the headers), which is consistent with DNS "large TXT" attacks such as the one described in <http://technet.microsoft.com/en-us/security/hh972393.aspx> (where the attacker filled with consecutive numbers, not X). Anyway, without the actual pcap file, it is only speculation.
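An added triage example, not part of the original thread: given a captured UDP payload, it checks whether the bytes parse as a DNS response and how much of the TXT data is a single repeated byte. The function names and the sample packet are constructed for illustration; with a real capture, the payload would come from the pcap.

```python
import struct
from collections import Counter

NOT_DNS = {"dns_response": False, "txt_bytes": 0, "filler_ratio": 0.0}

def skip_name(buf, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        n = buf[off]
        if n & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + n
        if n == 0:             # root label ends the name
            return off

def triage(payload):
    """Is this UDP payload a DNS response, and how repetitive is its TXT data?"""
    if len(payload) < 12:      # shorter than the fixed DNS header
        return dict(NOT_DNS)
    _id, flags, qd, an, ns, ar = struct.unpack("!6H", payload[:12])
    if not flags & 0x8000:     # QR bit clear: a query, not a reply
        return dict(NOT_DNS)
    txt = bytearray()
    try:
        off = 12
        for _ in range(qd):    # question: name + type + class
            off = skip_name(payload, off) + 4
        for _ in range(an + ns + ar):
            off = skip_name(payload, off)
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", payload[off:off + 10])
            rdata = payload[off + 10:off + 10 + rdlen]
            if len(rdata) != rdlen:
                raise IndexError("record runs past end of payload")
            off += 10 + rdlen
            i = 0
            while rtype == 16 and i < rdlen:   # TXT: length-prefixed strings
                txt += rdata[i + 1:i + 1 + rdata[i]]
                i += 1 + rdata[i]
    except (struct.error, IndexError):
        return dict(NOT_DNS)   # counts do not match the bytes present
    top = Counter(txt).most_common(1)
    ratio = top[0][1] / len(txt) if txt else 0.0
    return {"dns_response": True, "txt_bytes": len(txt), "filler_ratio": ratio}

def build_sample():
    """Constructed sample: reply to a TXT query for example.com, 4 x 255 'X'."""
    question = b"\x07example\x03com\x00" + struct.pack("!HH", 16, 1)
    rdata = (b"\xff" + b"X" * 255) * 4
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 16, 1, 60, len(rdata)) + rdata
    return struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0) + question + answer
```

A payload made only of the letter X fails the check because its flags field (0x5858) has the QR bit clear, while the constructed large-TXT reply parses cleanly and reports a filler ratio of 1.0.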