2 Nov 2023, 11:13 a.m.
I might be reading this wrong, but I don't think the point Randy was trying to make was 'NS queries are an attack', 'UDP packets are an attack' or 'IP packets are an attack'. I base this on the list of queries Randy decided to include as relevant to the thesis Randy was trying to make, instead of wholesale warning of IP, UDP or NS queries.
i was warning of an ndrek3 enumeration attack from the source netblock's ip space

i am far from an expert in ndrek3 enumeration. but i naïvely assume that most tld rrs are ns so that is what they're after. but, as you say, that is beside the point.

randy