If I had a dollar for every 'scary security alert' email received in a NOC email inbox from a 'security researcher group' that is the result of a port scan, or some small subset of trojan-infected residential endpoint computers attempting outbound connections on ($common_service_port), or similar...

On Tue, Oct 13, 2020 at 7:50 PM Chris Adams <cma@cmadams.net> wrote:
Once upon a time, Eric Kuhnke <eric.kuhnke@gmail.com> said:
Considering that one can run an instance of an anycasted recursive nameserver, under heavy load for a very large number of clients, on a $600 1U server these days... I wonder what exactly the threat model is.
A customer forwarded one of these notices to us - looked like it's about recursive DNS cache poisoning. It's been a while since I looked closely, but I thought modern recursive DNS software was pretty resistant to that, and anyway, the real answer to that is DNSSEC.
I could be wrong, but getting a scary-sounding OMG SECURITY ALERT email from some group I've never heard of (and haven't AFAIK engaged the community about their "new" attack, scans, or notices)... seems more like shameless self-promotion.
-- Chris Adams <cma@cmadams.net>