I am not sure about the random source port for UDP transactions. Would it not require intervening firewalls to have a connection tracker that did DNS, and that would need to be able to decode the UDP port coming back so that they were part of the transaction?
I would agree that either this attack or something similar might have been in use for a while. Looking over DNS traffic to our university servers... there has been some stuff that has got the back of the head going... hmmm.
Copyright © 2017, Eklektix, Inc.