individual                                                       D. Otis
Internet-Draft                                         Trend Micro, NSSG
Expires: December 26, 2006                                 June 24, 2006


                          SPF DoS Exploitation
                     draft-otis-spf-dos-exploit-01

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on December 26, 2006.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   This document describes an email induced Denial of Service threat
   from SPF script used to evaluate the association of a source
   domain-name with the sending-system. The SPF script attempts to
   establish the domain-name association through the construction of an
   extensive IP address list of all sending-systems. Expectations of an
   association have become problematic, as message handling might be
   negatively affected without an apparent domain-name relationship
   discovered between the sending-system and either the message envelope
   or the message itself.

   There is a safe name-based alternative to the SPF method that
   associates a source domain-name with the sending-system by
   conditionally comparing a list of domain-names against a verified
   EHLO. This alternative name-based association follows the
   verification of the sending-system's EHLO. Each of the two steps in
   this alternative approach involves only a single DNS transaction.
   Initially verifying the EHLO of the sending-system avoids the
   multiplicative effects created when a large number of common DNS
   resources are relied upon by a sequence of Mail Handling Systems
   (MHS) forwarding a message. A verified EHLO also provides a
   name-based identifier for establishing requisite DoS protections. The
   two SPF indirect references found in the text script, PTR, and MX
   records make this scheme a highly dangerous method to verify an
   anonymous SMTP client's authorization. Dramatic reductions in the
   scale of the potential impact are accomplished by limiting common
   resources used for evaluating a domain-name to that of a single
   conditional DNS transaction.

Table of Contents

   1.  Introduction
   2.  Definitions
   3.  Defense against Denial of Service Attacks
   4.  The Exploit Example
   5.  IANA Considerations
   6.  Security Considerations
   7.  Informative References
   Appendix A.  Example Attacking Domain Zone File
   Appendix B.  Example Traffic Qualifying jo@cert-test.mail-abuse.org
   Author's Address
   Intellectual Property and Copyright Statements

1.  Introduction

   Two experimental RFCs "Sender Policy Framework (SPF) for Authorizing
   Use of Domains in E-Mail, Version 1" [RFC4408] and "Sender ID:
   Authenticating E-Mail" [RFC4406] relate various email source domains
   with the IP address of the SMTP client by assembling an extensive
   list of IP addresses. Both drafts utilize the SPF script syntax to
   manipulate names and content of Resource Records (RRs) obtained
   through DNS transactions. The SPF script is stored in one or more
   TXT RRs that are intended to hold generic character-strings. An
   additional lookup may be required to ascertain whether SPF specific
   RR types are being used instead of TXT RRs.

   SPF script employs string related macros, Address RRsets containing
   IP address information, MX RRsets containing the name and preference
   numbers of Mail Transfer Agents (MTAs), and the PTR RRsets located in
   the reverse reference IP address domains. Although this SPF script
   can be utilized in a number of ways, normally the intent is to return
   IP addresses of all systems directly involved with sending messages
   for a particular domain. In doing so, SPF drastically alters the
   scale of a DNS answer. The SPF script may define these addresses
   with CIDR notation and/or lookups of various RRsets.

   The SPF script places limits on the number of DNS transactions
   permitted at each Mail Handling Service (MHS) in the path of the
   message when evaluating each source domain-name. SPF script may
   invoke 10 DNS transactions for various RRsets, where up to 10
   follow-on DNS transactions may then occur. When the script does not
   provide a PASS result, an additional lookup might be made to obtain a
   macro expanded explanation TXT RR. As an example, evaluating just
   one domain-name per MHS may involve lookups for 1 TXT RR, 10 MX
   RRsets, and 100 A RRsets for a total of 111 DNS transactions.
   While there can be 11 SPF TXT RRs containing script in different
   domains, each of the 10 MX mechanism RRsets can contain 10 unique
   domain-names that span 100 victim domains.

   Currently, there are two different domain-names in a message that are
   evaluated using SPF records. There is the [RFC2821].MailFrom, and
   the experimental and proprietary "Purported Responsible Address in
   E-Mail Messages" [RFC4407], where verifying each domain-name
   separately invokes the SPF evaluation process. There have been
   suggestions that the [I-D.ietf-dkim-base] Signing-Domain might also
   be evaluated using SPF, where multiple signatures from different
   domains can also exist.

   SPF script is not predicated upon verifying the domain controlling
   the MTA. Obfuscation of the controlling domain may even erroneously
   shift accountability onto the often hapless email-address domain
   owners who typically rely upon third-party services and may publish
   open-ended address lists. The address-list approach prevents fair
   name-based accrual of MTA behaviors as a means to establish effective
   DoS protections. To be effective, a DoS protection scheme must
   indicate specifically what domain is in control. SPF scripts might
   reference only victim domains unrelated to the control of the MTA,
   and provide inconclusive results subsequent to the evaluation.

2.  Definitions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

   Terminology:  Terminology conforms to [I-D.crocker-email-arch].

   RR:  A DNS Resource Record.

   RRset:  Resource Records of the same type and name location.

   Victim Domain:  A domain not causing the transaction.

   Open-ended:  Not all valid elements are included in the set.

3.  Defense against Denial of Service Attacks

   The DoS concern specific to SPF scripts is manifold. SMTP is a
   store-and-forward protocol that distributes the SPF script threat to
   otherwise reputable MHS. This distribution multiplies the impact of
   the script when many common DNS resources from multiple domains are
   utilized by subsequent MHS. By encompassing multiple domains, the
   SPF script may not establish an accountable domain-name subsequent to
   evaluation when inconclusive results are obtained. Owing to these
   conditions, there is no reasonable strategy that can be used to
   mitigate the potential harm created by a distributed SPF script
   generated DoS attack. To estimate the potential for the SPF script
   generated threat, the level of network amplification is considered
   for this SPF DNS scripting scheme.

   A typical stance taken when discussing DoS concerns is that there are
   other network amplification techniques to facilitate DoS exploits.
   One such exploit utilizes DNS servers. This exploit depends upon a
   lookup to be amplified by the difference between the query size and
   that of the answer, in addition to the number of queries made in a
   recursion process. To roughly estimate the network impact created by
   DNS UDP traffic, 1.3 queries will be assumed to occur on average from
   every DNS lookup, with an average query size of 100 bytes and an
   average answer of 500 bytes. Based upon these coarse assumptions,
   the resulting DNS amplification is about 13 to 1 when the source IP
   address of the lookup is also spoofed to be that of the targeted
   domain. Some techniques have increased the level of this exploit by
   employing the [RFC2671] EDNS0 extension to query large RRsets that
   exceed the network MTU, and cause packet fragmentation. This
   technique can achieve an impact with about a 60 times amplification;
   however, the source of the large RRset can be identified.

   About 1 K bytes of outbound TCP traffic may be needed to send a small
   SMTP message. SPF scripts can target 100 DNS transactions when
   evaluating a single domain-name. In estimating the targeted
   amplification, the number of common DNS transactions is multiplied by
   the number of recipients in different domains, the different
   domain-names evaluated within the same message, and each sequential
   MHS that does not share a common DNS cache. A message sent to only 1
   recipient who also utilizes SPF evaluation in their MUA could then
   create about 312 to 1 network amplification directed toward a
   targeted domain. As a comparison, evaluating domain-names using SPF
   represents about 24 times the threat caused by an exploit using
   recursive DNS, and about 5 times the threat caused by the use of
   EDNS0. Unlike the EDNS0 technique however, the source of the problem
   remains hidden.

   The network amplification exploit using SPF may also leverage a
   provider's SMTP servers that are available from systems an attacker
   may have compromised. It is common for tens of thousands of
   compromised systems to act in concert to disseminate spam, while each
   system may conform to normal use profiles. These spam messages could
   have a small list of recipients that further amplify the level of the
   attack. Perhaps these messages contain an average of 10 recipients.
   These messages may purport to be from email-addresses with random
   local names and sub-domains, beneath a list of top level domains.
   All of these different domains can nevertheless reference similarly
   targeted SPF records. The messages in the attack could be a stock
   tip ending up in a spam folder. No single message may convey the
   same information, and yet still target the same victim regardless of
   who appears to be the author, or which folder is ultimately selected
   to receive the message.

   (1.3 x (100+500))/1000 = .78 DNS/SMTP Gain Factor

   SPF Script Network Amplification at victim domain:
    RR x MHS x Domain-Names x Recipients x DNS/SMTP = Gain

    100 x 2 x 2 x 1 x .78 = 312

    100 x 2 x 1 x 10 x .78 = 1560

   SMTP Name Path Network Amplification at victim domain:
    RR x MHS x Domain-Names x Recipients x DNS/SMTP = Gain

    1 x 2 x 2 x 1 x .78 = 3

   The SPF script facilitates canvassing by a covert DNS server for
   domains that utilize SPF evaluations and also facilitates a sustained
   DoS attack based upon this knowledge. Without altering the SPF
   script, local-part label macros provided by SPF can instantiate
   different queries for a series of messages from the same set of
   domains. Using this technique, in addition to ensuring the DNS
   information has not been locally cached to inundate the targeted
   domain with DNS transactions, this will also flood the local DNS
   cache which may expel previously obtained information prior to its
   normal expiration.

   Just using the SPF script to evaluate a domain-name risks the
   integrity of DNS itself. A poisoning exploit often attempts to both
   flood the DNS answering for the RR being poisoned, and to gain access
   to the DNS whose cache is to be poisoned. Both of these efforts are
   facilitated by SPF script. The SPF script also provides the ability
   to query a covert DNS server that tracks the source IP address,
   ports, and Transaction IDs of DNS transactions to improve upon
   subsequent construction and the timing of poison answers.

   The name-based path registration approach provides a 100 to 1
   reduction in the amount of network amplification with a maximum of
   only one conditional DNS transaction of a common resource. This
   name-based approach also always provides an accountable domain-name
   for effective DoS protections; see [I-D.otis-smtp-name-path].
   The name-based path registration alternative to SPF starts by
   verifying the EHLO; see [I-D.crocker-csv-csa]. This allows a
   name-based defense to be established that fairly holds the domain
   controlling each sending system accountable for any abuse. This
   approach also ensures that prior to acceptance, there is no
   amplification of DNS transactions made with a victim domain, as each
   subsequent MTA forwarding a message offers their own EHLO that exists
   within their own domain or EHLO verification fails. A failure to
   verify the EHLO allows the recipient to delay subsequent acceptance
   of messages from both the EHLO and the associated client IP address
   as an effective DoS defensive tactic. Once EHLO verification is
   established as a requisite, message refusals could then be handled in
   a permanent fashion.

   The safe name-based alternative to the SPF script method requires
   just one or two steps. The first step ensures the EHLO of the MTA
   is directly verified with a single DNS transaction. Once the EHLO is
   verified, and when the EHLO is within the domain-name in question, no
   second step is needed. Otherwise, the second step attempts to
   establish a domain association by making a single forward reference
   PTR RRset lookup from the domain in question. These PTR RRsets would
   simply list the provider's root domains used by the owner of the
   email-address domain. A failure to verify the EHLO or to find an
   association with the message domain-names can delay acceptance of the
   message. EHLO verification is comparatively easier to administer
   than SPF scripts.

4.  The Exploit Example

   This section and the accompanying appendix information is in response
   to requests made by a few large providers. Explaining the threat in
   general terms proved difficult for many to understand.
   This example represents one of many possible techniques that are
   enabled by the various SPF script parsing applications. Other
   techniques can further increase the severity of such an attack, but
   are not reviewed. As with any script, the permutations of possible
   actions are incredibly vast.

   This Exploit Example makes use of script parser capabilities in many
   SPF libraries, although libspf2 by Wayne Schlitt et al., by default,
   is at half the recommended number of RRs to be processed within an MX
   RRset. It is not uncommon for an RRset to exceed this lowered limit.
   For example, more than this number of MX RRs are found within
   t-online.de or nokia.com. These domains also do not publish SPF TXT
   records, which means even when a default SPF script containing the MX
   lookup mechanism is used instead, the lowered RRset cut-off randomly
   prevents some MX RRs from being examined.

   Although several libraries impose the recommended limit, the original
   SPF script's limiting mechanism was recursion depth, which contained
   the DNS transactions by the number of mechanisms that could be
   defined within 20, later changed to 10, additional SPF scripts. This
   recursive method allows for exceedingly high numbers of DNS
   transactions. There are several other recent libraries where no
   limits are imposed upon the number of MX RRsets, other than the
   number returned within the MX lookup. SPF requires the acquisition
   of the TXT SPF record, which may then direct queries to 10 or 11
   other domains. Most would consider that approach as mandating 10
   times the number of DNS transactions, but SPF also adds highly risky
   indirection enabled through SPF script and macro expansion.
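
   The term limits and the macro indirection discussed above can be
   audited mechanically; the Python audit below is an added example (not
   code from this draft or from any SPF library) that counts the
   worst-case DNS transactions one record can trigger and lists the
   terms whose query name the sender chooses. It uses the TXT record
   from Appendix A plus a constructed contrast record for example.net,
   and its function names are hypothetical. Assumptions: the limits are
   those stated in the Introduction, only untransformed macros are
   expanded, and include/redirect targets are not followed.

```python
"""Audit one SPF record: worst-case DNS cost and sender-steered lookups."""
import re

# Limits as described in the draft's Introduction: at most 10 terms that
# query DNS, and at most 10 names followed for each mx (or ptr) answer.
MAX_LOOKUP_TERMS = 10
MAX_FOLLOW_ON = 10

LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
FAN_OUT_TERMS = {"mx", "ptr"}          # answer is a list of further names
SENDER_MACROS = {"s", "l", "o", "h"}   # values supplied by the SMTP client
MACRO_RE = re.compile(r"%\{([a-zA-Z])([^}]*)\}")

# The TXT record from Appendix A of the draft.
APPENDIX_A_RECORD = (
    "v=spf1 " + " ".join(f"mx:{i}.%{{l}}.%{{d}}" for i in range(10)) + " ?all"
)
# Constructed contrast record for a hypothetical domain.
PLAIN_RECORD = "v=spf1 ip4:192.0.2.0/24 mx -all"


def split_term(term):
    """Return (name, target) of one SPF term; target is None if absent."""
    term = term.lstrip("+-~?")
    colon, equals = term.find(":"), term.find("=")
    if equals != -1 and (colon == -1 or equals < colon):
        name, target = term.split("=", 1)      # modifier, e.g. redirect=
    elif colon != -1:
        name, target = term.split(":", 1)      # mechanism with a target
    else:
        name, target = term, None              # bare mechanism, e.g. mx
    return name.split("/", 1)[0].lower(), target


def expand(target, sender, domain):
    """Expand untransformed %{l} %{d} %{s} %{o}; leave other macros as is."""
    local, _, sender_domain = sender.partition("@")
    values = {"l": local, "d": domain, "s": sender, "o": sender_domain}

    def substitute(match):
        letter, transformers = match.group(1).lower(), match.group(2)
        if transformers or letter not in values:
            return match.group(0)
        return values[letter]

    return MACRO_RE.sub(substitute, target)


def audit(record, sender, domain):
    """Count worst-case DNS transactions and list sender-steered terms."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    transactions = 1                   # the TXT lookup for the record itself
    lookup_terms = 0
    steered = []
    for term in terms[1:]:
        name, target = split_term(term)
        if name not in LOOKUP_TERMS:
            continue                   # ip4, ip6, all: no DNS traffic
        lookup_terms += 1
        transactions += 1
        if name in FAN_OUT_TERMS:
            transactions += MAX_FOLLOW_ON
        letters = {m.group(1).lower() for m in MACRO_RE.finditer(target or "")}
        if letters & SENDER_MACROS:
            # Each new local-part yields a query name no cache has seen.
            query_name = expand(target.split("/", 1)[0], sender, domain)
            steered.append((name, query_name))
    return {
        "lookup_terms": lookup_terms,
        "over_term_limit": lookup_terms > MAX_LOOKUP_TERMS,
        "worst_case_transactions": transactions,
        "sender_steered": steered,
    }


if __name__ == "__main__":
    for label, record, sender, domain in (
        ("Appendix A", APPENDIX_A_RECORD,
         "jo@cert-test.mail-abuse.org", "cert-test.mail-abuse.org"),
        ("plain", PLAIN_RECORD, "jo@example.net", "example.net"),
    ):
        report = audit(record, sender, domain)
        print(label, report["worst_case_transactions"], "transactions,",
              len(report["sender_steered"]), "sender-steered terms")
        for name, query_name in report["sender_steered"]:
            print("   ", name, query_name)
```

   For the Appendix A record the audit reports 111 transactions, the
   Introduction's 1 TXT RR, 10 MX RRsets, and 100 A RRsets, and ten
   query names that change with the local-part.
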

   Taking advantage of just one level of indirection made possible by
   SPF macros, the Exploit Example closely matches the initial estimates
   made in Section 3, but where the request increases, the response is
   reduced by about the same amount. The Example Exploit therefore
   represents a fairly symmetrical attack, and requires little knowledge
   of the victim's DNS information. The traffic required to establish
   both the TXT and MX resource record sets should be excluded from the
   gain estimates, as the attack is able to take advantage of a
   difference between negative cache retention, and the TTL of these
   RRsets.

   Often negative caching is for a few minutes, but the RRset could be
   retained many hours. After the requesting DNS servers have been
   seeded, the level of the attack could maintain a steady barrage while
   requiring far less effort. The Time-To-Live for negative DNS caching
   may be determined by the recipient, or represent the lesser of the
   SOA TTL or the SOA MINIMUM field, depending upon the recipient's
   implementation, see [RFC2308].

   The attacker would initially populate TXT and MX RRsets that point
   toward the victim's domain. Referencing different MX RRsets does not
   require an additional SPF TXT script. Instead, the macro expansion
   capability can be used to reference a vast array of MX records, as
   illustrated by the Example Exploit which uses the local-part as a
   selector. Optimally, this reference would cycle at a period longer
   than the resolver's negative cache retention period. A reference to
   a covert DNS server that replicates the SOA record parameters of the
   victim could signal the optimal cycle period.

   The level of attack described in the presentation made for The DNS
   Operations, Analysis, and Research Center (DNS-OARC) called "Recent
   DNS Reflector Attacks From the Victim and the Reflector POV" by Frank
   Scalzo of Verisign, see [r-VS-Reflect], indicated the 35,000
   amplifying reflectors caused on average 144kbps (18KBps) to be
   exchanged with the victim. A similar level of attack could be
   achieved by the Example Exploit occurring 0.28 times a second or 17
   times per minute. When 2 domains are being examined, as may occur
   with Sender-ID, this level of attack would require just 8.5 messages
   per minute.

   Processing 8.5 messages per minute would represent a very small
   percentage of the emails already being handled by many providers.
   Already a majority of these emails are considered abusive. A large
   provider may issue as many as 25,000 messages per minute and receive
   emails at twice that rate. A strategy that sends messages through
   network providers addressed to 10 individuals on average from 35,000
   compromised systems at 50 per hour represents a scale of concerted
   attack commonly seen. If these messages also get processed by spam
   filtering applications that also use SPF/Sender-ID, the attack rate
   could then drop to 25 per hour and still sustain the same barrage.

   This type of activity could be considered a good way to leverage
   efforts. While sending spam, perhaps containing malware,
   authoritative DNS servers are taken out by knowing which domains
   incorporate poorly considered, and ultimately fatally flawed, SPF
   parsers. Once the authoritative DNS servers are disabled, the same
   SPF script can elicit queries through thousands of providers' DNS
   servers, and also trigger a barrage of poison answers.
   These attacks can be done through two levels of indirection where it
   would be difficult to correlate what domain is inducing the problem,
   or how it can be stopped. The SPF RRsets causing trouble will not
   appear on a log. In the Example Exploit, the message is accepted
   with a neutral status without any evidence it was related to the
   victim's domain.

   SPF/Sender-ID reduces security. Although there was already "A DNS RR
   Type for Lists of Address Prefixes (APL RR)" [RFC3123] that could
   serve extremely well for white-listing, SPF was developed as a method
   that avoids declaring who are the sending system's administrators and
   offers the feature-rich/security-poor scripting found with HTTP/TCP.
   Sender-ID was even originally specified using XML contained within
   2KB DNS resource records, expecting DNS/TCP would not become a
   problem. With the highly distributive anonymous nature of email,
   reducing security while crime is rampant, is foolhardy at best.
   SPF/Sender-ID continues to place the DNS infrastructure at risk.
   Adopt EHLO verification, Name-Path registration, and the use of APL
   RRs. Drop the use of SPF. Such a change would offer additional
   security, without actually reducing it instead. Don't be afraid to
   use binary with DNS.

5.  IANA Considerations

   There are no registrations required by IANA.

6.  Security Considerations

   This document describes a threat to SMTP created by the evaluation of
   message related domain-names using SPF scripts. This document
   recommends a safer alternative that first verifies the EHLO of the
   MTA and then conditionally finds associations using a domain-name
   list. It is expected that the verified EHLO name will be checked
   against block-lists of abusers.
   When either the EHLO can not be verified, or an association with a
   message domain-name can not be established, delayed message
   acceptance provides another defensive strategy which allows time for
   abuse to be reported. Delay in acceptance can be accomplished with a
   Transient Negative Completion, in conjunction with "Requested action
   aborted: error in processing" SMTP response; see [RFC2821].

7.  Informative References

   [I-D.crocker-csv-csa]
              Crocker, D., "Client SMTP Authorization (CSA)",
              draft-crocker-csv-csa-00 (work in progress), October 2005.

   [I-D.crocker-email-arch]
              Crocker, D., "Internet Mail Architecture",
              draft-crocker-email-arch-04 (work in progress),
              March 2005.

   [I-D.ietf-dkim-base]
              Allman, E., "DomainKeys Identified Mail Signatures
              (DKIM)", draft-ietf-dkim-base-02 (work in progress),
              May 2006.

   [I-D.otis-smtp-name-path]
              Otis, D., "SMTP Name Path Registration",
              draft-otis-smtp-name-path-00 (work in progress),
              April 2006.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2308]  Andrews, M., "Negative Caching of DNS Queries (DNS
              NCACHE)", RFC 2308, March 1998.

   [RFC2671]  Vixie, P., "Extension Mechanisms for DNS (EDNS0)",
              RFC 2671, August 1999.

   [RFC2821]  Klensin, J., "Simple Mail Transfer Protocol", RFC 2821,
              April 2001.

   [RFC2822]  Resnick, P., "Internet Message Format", RFC 2822,
              April 2001.

   [RFC3123]  Koch, P., "A DNS RR Type for Lists of Address Prefixes
              (APL RR)", RFC 3123, June 2001.

   [RFC4406]  Lyon, J. and M. Wong, "Sender ID: Authenticating E-Mail",
              RFC 4406, April 2006.

   [RFC4407]  Lyon, J., "Purported Responsible Address in E-Mail
              Messages", RFC 4407, April 2006.

   [RFC4408]  Wong, M. and W. Schlitt, "Sender Policy Framework (SPF)
              for Authorizing Use of Domains in E-Mail, Version 1",
              RFC 4408, April 2006.

   [r-VS-Reflect]
              Verisign, "Recent DNS Reflector Attacks From the Victim
              and the Reflector POV", June 2006.

Appendix A.  Example Attacking Domain Zone File

   @  IN SOA  @ cert-test.mail-abuse.org.(
                     2006062022   ;serial yyyymmddnn
                     1H           ;refresh
                     15M          ;retry
                     1D           ;expiry
                     1D)          ;minimum

      IN NS   do-dev0.mail-abuse.org.

   $ORIGIN cert-test.mail-abuse.org.  ;attacker
   EHLO  IN A  168.61.5.1

   cert-test.mail-abuse.org. IN TXT "v=spf1
    mx:0.%{l}.%{d} mx:1.%{l}.%{d} mx:2.%{l}.%{d}
    mx:3.%{l}.%{d} mx:4.%{l}.%{d} mx:5.%{l}.%{d}
    mx:6.%{l}.%{d} mx:7.%{l}.%{d} mx:8.%{l}.%{d}
    mx:9.%{l}.%{d} ?all"

   $ORIGIN jo.cert-test.
    123456789-123456789-123456789-123456789-123456789-123456789.
    123456789-123456789-123456789-123456789-123456789.
    123456789-123456789-123456789-123456789.
    123456789-123456789-123456789.
    123456789-123456789.
    123456789.
    example.com.  ;victim

   0.jo.cert-test.mail-abuse.org.
      IN MX 1 0-0
      IN MX 1 0-1
      IN MX 1 0-2
      IN MX 1 0-3
      IN MX 1 0-4
      IN MX 1 0-5
      IN MX 1 0-6
      IN MX 1 0-7
      IN MX 1 0-8
      IN MX 1 0-9

   1.jo.cert-test.mail-abuse.org.
      IN MX 1 1-0
      IN MX 1 1-1
      IN MX 1 1-2
      IN MX 1 1-3
      IN MX 1 1-4
      IN MX 1 1-5
      IN MX 1 1-6
      IN MX 1 1-7
      IN MX 1 1-8
      IN MX 1 1-9

   2.jo.cert-test.mail-abuse.org.
      IN MX 1 2-0
      IN MX 1 2-1
      IN MX 1 2-2
      IN MX 1 2-3
      IN MX 1 2-4
      IN MX 1 2-5
      IN MX 1 2-6
      IN MX 1 2-7
      IN MX 1 2-8
      IN MX 1 2-9

   3.jo.cert-test.mail-abuse.org.
      IN MX 1 3-0
      IN MX 1 3-1
      IN MX 1 3-2
      IN MX 1 3-3
      IN MX 1 3-4
      IN MX 1 3-5
      IN MX 1 3-6
      IN MX 1 3-7
      IN MX 1 3-8
      IN MX 1 3-9

   4.jo.cert-test.mail-abuse.org.
      IN MX 1 4-0
      IN MX 1 4-1
      IN MX 1 4-2
      IN MX 1 4-3
      IN MX 1 4-4
      IN MX 1 4-5
      IN MX 1 4-6
      IN MX 1 4-7
      IN MX 1 4-8
      IN MX 1 4-9

   5.jo.cert-test.mail-abuse.org.
      IN MX 1 5-0
      IN MX 1 5-1
      IN MX 1 5-2
      IN MX 1 5-3
      IN MX 1 5-4
      IN MX 1 5-5
      IN MX 1 5-6
      IN MX 1 5-7
      IN MX 1 5-8
      IN MX 1 5-9

   6.jo.cert-test.mail-abuse.org.
      IN MX 1 6-0
      IN MX 1 6-1
      IN MX 1 6-2
      IN MX 1 6-3
      IN MX 1 6-4
      IN MX 1 6-5
      IN MX 1 6-6
      IN MX 1 6-7
      IN MX 1 6-8
      IN MX 1 6-9

   7.jo.cert-test.mail-abuse.org.
      IN MX 1 7-0
      IN MX 1 7-1
      IN MX 1 7-2
      IN MX 1 7-3
      IN MX 1 7-4
      IN MX 1 7-5
      IN MX 1 7-6
      IN MX 1 7-7
      IN MX 1 7-8
      IN MX 1 7-9

   8.jo.cert-test.mail-abuse.org.
      IN MX 1 8-0
      IN MX 1 8-1
      IN MX 1 8-2
      IN MX 1 8-3
      IN MX 1 8-4
      IN MX 1 8-5
      IN MX 1 8-6
      IN MX 1 8-7
      IN MX 1 8-8
      IN MX 1 8-9

   9.jo.cert-test.mail-abuse.org.
      IN MX 1 9-0
      IN MX 1 9-1
      IN MX 1 9-2
      IN MX 1 9-3
      IN MX 1 9-4
      IN MX 1 9-5
      IN MX 1 9-6
      IN MX 1 9-7
      IN MX 1 9-8
      IN MX 1 9-9

Appendix B.  Example Traffic Qualifying jo@cert-test.mail-abuse.org

   XMIT ATTACK Time 0.000000 Domain Name System (query)
    DNS Standard query TXT cert-test.mail-abuse.org
    Frame 1 (74 bytes on wire)
    UDP, Src Port: 52407 (52407), Dst Port: domain (53)

   RECV ATTACK Time 0.000237 Domain Name System (response)
    DNS Standard query response TXT
    Frame 2 (286 bytes on wire)
    UDP, Src Port: domain (53), Dst Port: 52407 (52407)

   XMIT ATTACK Time 0.000387 Domain Name System (query)
    DNS Standard query MX 0.jo.cert-test.mail-abuse.org
    Frame 3 (79 bytes on wire)
    UDP, Src Port: 61719 (61719), Dst Port: domain (53)

   RECV ATTACK Time 0.000668 Domain Name System (response)
    DNS Standard query response MX 1 0-2.jo.cert-test.
        123456789-123456789-123456789-123456789-123456789-123456789.
        123456789-123456789-123456789-123456789-123456789.
        123456789-123456789-123456789-123456789.
        123456789-123456789-123456789.123456789-123456789.123456789.
        example.com
      MX 1 0-3.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     MX 1 0-4.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     MX 1 0-5.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     MX 1 0-6.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     MX 1 0-7.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     MX 1 0-8.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     MX 1 0-9.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     MX 1 0-0.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     MX 1 0-1.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     Frame 4 (535 bytes on the wire)
     UDP, Src Port: domain (53), Dst Port: 61719 (61719)

   XMIT VICTIM Time 0.000800 Domain Name System (query)
     Standard query A 0-2.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     Frame 5 (288 bytes on the wire)
     UDP, Src Port: 60118 (60118), Dst Port: domain (53)

   RECV VICTIM Time 0.000877 Domain Name System (response)
     DNS Standard query response, No such name
     Frame 6 (348 bytes on the wire)
     UDP, Src Port: domain (53), Dst Port: 60118 (60118)

   XMIT VICTIM Time 0.000938 Domain Name System (query)
     DNS Standard query A 0-3.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     Frame 7 (288 bytes on the wire)
     UDP, Src Port: 50197 (50197), Dst Port: domain (53)

   RECV VICTIM Time 0.001006 Domain Name System (response)
     DNS Standard query response, No such name
     Frame 8 (348 bytes on the wire)
     UDP, Src Port: domain (53), Dst Port: 50197 (50197)

   XMIT VICTIM Time 0.001064 Domain Name System (query)
     DNS Standard query A 0-4.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     Frame 9 (288 bytes on the wire)
     UDP, Src Port: 64717 (64717), Dst Port: domain (53)

   RECV VICTIM Time 0.001143 Domain Name System (response)
     DNS Standard query response, No such name
     Frame 10 (348 bytes on the wire)
     UDP, Src Port: domain (53), Dst Port: 64717 (64717)

   XMIT VICTIM Time 0.001199 Domain Name System (query)
     DNS Standard query A 0-5.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     Frame 11 (288 bytes on the wire)
     UDP, Src Port: 63300 (63300), Dst Port: domain (53)

   RECV VICTIM Time 0.001266 Domain Name System (response)
     DNS Standard query response, No such name
     Frame 12 (348 bytes on the wire)
     UDP, Src Port: domain (53), Dst Port: 63300 (63300)

   XMIT VICTIM Time 0.001322 Domain Name System (query)
     DNS Standard query A 0-6.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     Frame 13 (288 bytes on the wire)
     UDP, Src Port: 63072 (63072), Dst Port: domain (53)

   RECV VICTIM Time 0.001388 Domain Name System (response)
     DNS Standard query response, No such name
     Frame 14 (348 bytes on the wire)
     UDP, Src Port: domain (53), Dst Port: 63072 (63072)

   XMIT VICTIM Time 0.001443 Domain Name System (query)
     DNS Standard query A 0-7.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     Frame 15 (288 bytes on the wire)
     UDP, Src Port: 63053 (63053), Dst Port: domain (53)

   RECV VICTIM Time 0.001509 Domain Name System (response)
     DNS Standard query response, No such name
     Frame 16 (348 bytes on the wire)
     UDP, Src Port: domain (53), Dst Port: 63053 (63053)

   XMIT VICTIM Time 0.001568 Domain Name System (query)
     DNS Standard query A 0-8.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     Frame 17 (288 bytes on the wire)
     UDP, Src Port: 49717 (49717), Dst Port: domain (53)

   RECV VICTIM Time 0.001634 Domain Name System (response)
     DNS Standard query response, No such name
     Frame 18 (348 bytes on the wire)
     UDP, Src Port: domain (53), Dst Port: 49717 (49717)

   XMIT VICTIM Time 0.001688 Domain Name System (query)
     DNS Standard query A 0-9.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     Frame 19 (288 bytes on the wire)
     UDP, Src Port: 51282 (51282), Dst Port: domain (53)

   RECV VICTIM Time 0.001762 Domain Name System (response)
     DNS Standard query response, No such name
     Frame 20 (348 bytes on the wire)
     UDP, Src Port: domain (53), Dst Port: 51282 (51282)

   XMIT VICTIM Time 0.001817 Domain Name System (query)
     DNS Standard query A 0-0.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     Frame 21 (288 bytes on the wire)
     UDP, Src Port: 62103 (62103), Dst Port: domain (53)

   RECV VICTIM Time 0.001884 Domain Name System (response)
     DNS Standard query response, No such name
     Frame 22 (348 bytes on the wire)
     UDP, Src Port: domain (53), Dst Port: 62103 (62103)

   XMIT VICTIM Time 0.001949 Domain Name System (query)
     DNS Standard query A 0-1.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     Frame 23 (288 bytes on the wire)
     UDP, Src Port: 53435 (53435), Dst Port: domain (53)

   RECV VICTIM Time 0.002017 Domain Name System (response)
     DNS Standard query response, No such name
     Frame 24 (348 bytes on the wire)
     UDP, Src Port: domain (53), Dst Port: 53435 (53435)

   XMIT ATTACK Time 0.002077 Domain Name System (query)
     DNS Standard query MX 1.jo.cert-test.mail-abuse.org
     Frame 25 (79 bytes on the wire)
     UDP, Src Port: 59613 (59613), Dst Port: domain (53)

   RECV ATTACK Time 0.002310 Domain Name System (response)
     DNS Standard query response MX 1 1-2.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     MX 1 1-3.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     MX 1 1-4.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     MX 1 1-5.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     MX 1 1-6.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     MX 1 1-7.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     MX 1 1-8.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     MX 1 1-9.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     MX 1 1-0.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.
         123456789.example.com
     MX 1 1-1.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     Frame 26 (535 bytes on the wire)
     UDP, Src Port: domain (53), Dst Port: 59613 (59613)

   XMIT VICTIM Time 0.002408 Domain Name System (query)
     DNS Standard query A 1-2.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     Frame 27 (288 bytes on the wire)
     UDP, Src Port: 59249 (59249), Dst Port: domain (53)

   RECV VICTIM Time 0.002478 Domain Name System (response)
     DNS Standard query response, No such name
     Frame 28 (348 bytes on the wire)
     UDP, Src Port: domain (53), Dst Port: 59249 (59249)

   XMIT VICTIM Time 0.002534 Domain Name System (query)
     DNS Standard query A 1-3.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     Frame 29 (288 bytes on the wire)
     UDP, Src Port: 61124 (61124), Dst Port: domain (53)

   RECV VICTIM Time 0.002612 Domain Name System (response)
     DNS Standard query response, No such name
     Frame 30 (348 bytes on the wire)
     UDP, Src Port: domain (53), Dst Port: 61124 (61124)

   XMIT VICTIM Time 0.002667 Domain Name System (query)
     DNS Standard query A 1-4.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     Frame 31 (288 bytes on the wire)
     UDP, Src Port: 52851 (52851), Dst Port: domain (53)

   RECV VICTIM Time 0.002733 Domain Name System (response)
     DNS Standard query response, No such name
     Frame 32 (348 bytes on the wire)
     UDP, Src Port: domain (53), Dst Port: 52851 (52851)

   XMIT VICTIM Time 0.002787 Domain Name System (query)
     DNS Standard query A 1-5.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     Frame 33 (288 bytes on the wire)
     UDP, Src Port: 58726 (58726), Dst Port: domain (53)

   RECV VICTIM Time 0.002852 Domain Name System (response)
     DNS Standard query response, No such name
     Frame 34 (348 bytes on the wire)
     UDP, Src Port: domain (53), Dst Port: 58726 (58726)

   XMIT VICTIM Time 0.002906 Domain Name System (query)
     DNS Standard query A 1-6.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     Frame 35 (288 bytes on the wire)
     UDP, Src Port: 56126 (56126), Dst Port: domain (53)

   RECV VICTIM Time 0.002973 Domain Name System (response)
     DNS Standard query response, No such name
     Frame 36 (348 bytes on the wire)
     UDP, Src Port: domain (53), Dst Port: 56126 (56126)

   XMIT VICTIM Time 0.003038 Domain Name System (query)
     DNS Standard query A 1-7.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     Frame 37 (288 bytes on the wire)
     UDP, Src Port: 61690 (61690), Dst Port: domain (53)

   RECV VICTIM Time 0.003106 Domain Name System (response)
     DNS Standard query response, No such name
     Frame 38 (348 bytes on the wire)
     UDP, Src Port: domain (53), Dst Port: 61690 (61690)

   XMIT VICTIM Time 0.003161 Domain Name System (query)
     DNS Standard query A 1-8.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     Frame 39 (288 bytes on the wire)
     UDP, Src Port: 51783 (51783), Dst Port: domain (53)

   RECV VICTIM Time 0.003236 Domain Name System (response)
     DNS Standard query response, No such name
     Frame 40 (348 bytes on the wire)
     UDP, Src Port: domain (53), Dst Port: 51783 (51783)

   XMIT VICTIM Time 0.003292 Domain Name System (query)
     DNS Standard query A 1-9.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     Frame 41 (288 bytes on the wire)
     UDP, Src Port: 60344 (60344), Dst Port: domain (53)

   RECV VICTIM Time 0.003359 Domain Name System (response)
     DNS Standard query response, No such name
     Frame 42 (348 bytes on the wire)
     UDP, Src Port: domain (53), Dst Port: 60344 (60344)

   XMIT VICTIM Time 0.003413 Domain Name System (query)
     DNS Standard query A 1-0.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     Frame 43 (288 bytes on the wire)
     UDP, Src Port: 63367 (63367), Dst Port: domain (53)

   RECV VICTIM Time 0.003479 Domain Name System (response)
     DNS Standard query response, No such name
     Frame 44 (348 bytes on the wire)
     UDP, Src Port: domain (53), Dst Port: 63367 (63367)

   XMIT VICTIM Time 0.003533 Domain Name System (query)
     DNS Standard query A 1-1.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     Frame 45 (288 bytes on the wire)
     UDP, Src Port: 51204 (51204), Dst Port: domain (53)

   RECV VICTIM Time 0.003603 Domain Name System (response)
     DNS Standard query response, No such name
     Frame 46 (348 bytes on the wire)
     UDP, Src Port: domain (53), Dst Port: 51204 (51204)

   XMIT ATTACK Time 0.003661 Domain Name System (query)
     DNS Standard query MX 2.jo.cert-test.mail-abuse.org
     Frame 47 (79 bytes on the wire)
     UDP, Src Port: 61534 (61534), Dst Port: domain (53)

   RECV ATTACK Time 0.003894 Domain Name System (response)
     DNS Standard query response MX 1 2-2.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     MX 1 2-3.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     MX 1 2-4.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     MX 1 2-5.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     MX 1 2-6.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     MX 1 2-7.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     MX 1 2-8.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     MX 1 2-9.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     MX 1 2-0.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     MX 1 2-1.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     Frame 48 (535 bytes on the wire)
     UDP, Src Port: domain (53), Dst Port: 61534 (61534)

   XMIT VICTIM Time 0.003993 Domain Name System (query)
     DNS Standard query A 2-2.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     Frame 49 (288 bytes on the wire)
     UDP, Src Port: 50303 (50303), Dst Port: domain (53)

   RECV VICTIM Time 0.004071 Domain Name System (response)
     DNS Standard query response, No such name
     Frame 50 (348 bytes on the wire)
     UDP, Src Port: domain (53), Dst Port: 50303 (50303)

   XMIT VICTIM Time 0.004139 Domain Name System (query)
     DNS Standard query A 2-3.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     Frame 51 (288 bytes on the wire)
     UDP, Src Port: 52940 (52940), Dst Port: domain (53)

   RECV VICTIM Time 0.004206 Domain Name System (response)
     DNS Standard query response, No such name
     Frame 52 (348 bytes on the wire)
     UDP, Src Port: domain (53), Dst Port: 52940 (52940)

   XMIT VICTIM Time 0.004261 Domain Name System (query)
     DNS Standard query A 2-4.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     Frame 53 (288 bytes on the wire)
     UDP, Src Port: 60474 (60474), Dst Port: domain (53)

   RECV VICTIM Time 0.004327 Domain Name System (response)
     DNS Standard query response, No such name
     Frame 54 (348 bytes on the wire)
     UDP, Src Port: domain (53), Dst Port: 60474 (60474)

   XMIT VICTIM Time 0.004382 Domain Name System (query)
     DNS Standard query A 2-5.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     Frame 55 (288 bytes on the wire)
     UDP, Src Port: 49663 (49663), Dst Port: domain (53)

   RECV VICTIM Time 0.004447 Domain Name System (response)
     DNS Standard query response, No such name
     Frame 56 (348 bytes on the wire)
     UDP, Src Port: domain (53), Dst Port: 49663 (49663)

   XMIT VICTIM Time 0.004502 Domain Name System (query)
     DNS Standard query A 2-6.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     Frame 57 (288 bytes on the wire)
     UDP, Src Port: 61283 (61283), Dst Port: domain (53)

   RECV VICTIM Time 0.004571 Domain Name System (response)
     DNS Standard query response, No such name
     Frame 58 (348 bytes on the wire)
     UDP, Src Port: domain (53), Dst Port: 61283 (61283)

   XMIT VICTIM Time 0.004625 Domain Name System (query)
     DNS Standard query A 2-7.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     Frame 59 (288 bytes on the wire)
     UDP, Src Port: 60191 (60191), Dst Port: domain (53)

   RECV VICTIM Time 0.004698 Domain Name System (response)
     DNS Standard query response, No such name
     Frame 60 (348 bytes on the wire)
     UDP, Src Port: domain (53), Dst Port: 60191 (60191)

   XMIT VICTIM Time 0.004753 Domain Name System (query)
     DNS Standard query A 2-8.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     Frame 61 (288 bytes on the wire)
     UDP, Src Port: 58486 (58486), Dst Port: domain (53)

   RECV VICTIM Time 0.004819 Domain Name System (response)
     DNS Standard query response, No such name
     Frame 62 (348 bytes on the wire)
     UDP, Src Port: domain (53), Dst Port: 58486 (58486)

   XMIT VICTIM Time 0.004874 Domain Name System (query)
     DNS Standard query A 2-9.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     Frame 63 (288 bytes on the wire)
     UDP, Src Port: 62555 (62555), Dst Port: domain (53)

   RECV VICTIM Time 0.004939 Domain Name System (response)
     DNS Standard query response, No such name
     Frame 64 (348 bytes on the wire)
     UDP, Src Port: domain (53), Dst Port: 62555 (62555)

   XMIT VICTIM Time 0.004993 Domain Name System (query)
     DNS Standard query A 2-0.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     Frame 65 (288 bytes on the wire)
     UDP, Src Port: 49410 (49410), Dst Port: domain (53)

   RECV VICTIM Time 0.005060 Domain Name System (response)
     DNS Standard query response, No such name
     Frame 66 (348 bytes on the wire)
     UDP, Src Port: domain (53), Dst Port: 49410 (49410)

   XMIT VICTIM Time 0.005115 Domain Name System (query)
     DNS Standard query A 2-1.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     Frame 67 (288 bytes on the wire)
     UDP, Src Port: 59650 (59650), Dst Port: domain (53)

   RECV VICTIM Time 0.005180 Domain Name System (response)
     DNS Standard query response, No such name
     Frame 68 (348 bytes on the wire)
     UDP, Src Port: domain (53), Dst Port: 59650 (59650)

   XMIT ATTACK Time 0.005236 Domain Name System (query)
     DNS Standard query MX 3.jo.cert-test.mail-abuse.org
     Frame 69 (79 bytes on the wire)
     UDP, Src Port: 60922 (60922), Dst Port: domain (53)

   RECV ATTACK Time 0.005477 Domain Name System (response)
     DNS Standard query response MX 1 3-2.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     MX 1 3-3.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     MX 1 3-4.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     MX 1 3-5.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     MX 1 3-6.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     MX 1 3-7.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     MX 1 3-8.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     MX 1 3-9.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     MX 1 3-0.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     MX 1 3-1.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     Frame 70 (535 bytes on the wire)
     UDP, Src Port: domain (53), Dst Port: 60922 (60922)

   XMIT VICTIM Time 0.005592 Domain Name System (query)
     DNS Standard query A 3-2.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     Frame 71 (288 bytes on the wire)
     UDP, Src Port: 60056 (60056), Dst Port: domain (53)

   RECV VICTIM Time 0.005662 Domain Name System (response)
     DNS Standard query response, No such name
     Frame 72 (348 bytes on the wire)
     UDP, Src Port: domain (53), Dst Port: 60056 (60056)

   XMIT VICTIM Time 0.005717 Domain Name System (query)
     DNS Standard query A 3-3.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
         example.com
     Frame 73 (288 bytes on the wire)
     UDP, Src Port: 51567 (51567), Dst Port: domain (53)

   RECV VICTIM Time 0.005783 Domain Name System (response)
     DNS Standard query response, No such name
     Frame 74 (348 bytes on the wire)
     UDP, Src Port: domain (53), Dst Port: 51567 (51567)

   XMIT VICTIM Time 0.005839 Domain Name System (query)
     DNS Standard query A 3-4.jo.cert-test.
         123456789-123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789-123456789.
         123456789-123456789-123456789-123456789.
         123456789-123456789-123456789.123456789-123456789.123456789.
1399 example.com 1400 Frame 75 (288 bytes on the wire) 1401 UDP, Src Port: 55946 (55946), Dst Port: domain (53) 1403 RECV VICTIM Time 0.005904 Domain Name System (response) 1404 DNS Standard query response, No such name 1405 Frame 76 (348 bytes on the wire) 1406 UDP, Src Port: domain (53), Dst Port: 55946 (55946) 1408 XMIT VICTIM Time 0.005958 Domain Name System (query) 1409 DNS Standard query A 3-5.jo.cert-test. 1410 123456789-123456789-123456789-123456789-123456789-123456789. 1411 123456789-123456789-123456789-123456789-123456789. 1412 123456789-123456789-123456789-123456789. 1413 123456789-123456789-123456789.123456789-123456789.123456789. 1414 example.com 1415 Frame 77 (288 bytes on the wire) 1416 UDP, Src Port: 61606 (61606), Dst Port: domain (53) 1418 RECV VICTIM Time 0.006022 Domain Name System (response) 1419 DNS Standard query response, No such name 1420 Frame 78 (348 bytes on the wire) 1421 UDP, Src Port: domain (53), Dst Port: 61606 (61606) 1423 XMIT VICTIM Time 0.006077 Domain Name System (query) 1424 DNS Standard query A 3-6.jo.cert-test. 1425 123456789-123456789-123456789-123456789-123456789-123456789. 1426 123456789-123456789-123456789-123456789-123456789. 1427 123456789-123456789-123456789-123456789. 1428 123456789-123456789-123456789.123456789-123456789.123456789. 1429 example.com 1430 Frame 79 (288 bytes on the wire) 1431 UDP, Src Port: 57948 (57948), Dst Port: domain (53) 1433 RECV VICTIM Time 0.006151 Domain Name System (response) 1434 DNS Standard query response, No such name 1435 Frame 80 (348 bytes on the wire) 1436 UDP, Src Port: domain (53), Dst Port: 57948 (57948) 1438 XMIT VICTIM Time 0.006205 Domain Name System (query) 1439 DNS Standard query A 3-7.jo.cert-test. 1440 123456789-123456789-123456789-123456789-123456789-123456789. 1441 123456789-123456789-123456789-123456789-123456789. 1442 123456789-123456789-123456789-123456789. 1443 123456789-123456789-123456789.123456789-123456789.123456789. 
1444 example.com 1445 Frame 81 (288 bytes on the wire) 1446 UDP, Src Port: 62371 (62371), Dst Port: domain (53) 1448 RECV VICTIM Time 0.006270 Domain Name System (response) 1449 DNS Standard query response, No such name 1450 Frame 82 (348 bytes on the wire) 1451 UDP, Src Port: domain (53), Dst Port: 62371 (62371) 1453 XMIT VICTIM Time 0.006325 Domain Name System (query) 1454 DNS Standard query A 3-8.jo.cert-test. 1455 123456789-123456789-123456789-123456789-123456789-123456789. 1456 123456789-123456789-123456789-123456789-123456789. 1457 123456789-123456789-123456789-123456789. 1458 123456789-123456789-123456789.123456789-123456789.123456789. 1459 example.com 1460 Frame 83 (288 bytes on the wire) 1461 UDP, Src Port: 51455 (51455), Dst Port: domain (53) 1463 RECV VICTIM Time 0.006390 Domain Name System (response) 1464 DNS Standard query response, No such name 1465 Frame 84 (348 bytes on the wire) 1466 UDP, Src Port: domain (53), Dst Port: 51455 (51455) 1468 XMIT VICTIM Time 0.006444 Domain Name System (query) 1469 DNS Standard query A 3-9.jo.cert-test. 1470 123456789-123456789-123456789-123456789-123456789-123456789. 1471 123456789-123456789-123456789-123456789-123456789. 1472 123456789-123456789-123456789-123456789. 1473 123456789-123456789-123456789.123456789-123456789.123456789. 1474 example.com 1475 Frame 85 (288 bytes on the wire) 1476 UDP, Src Port: 50959 (50959), Dst Port: domain (53) 1478 RECV VICTIM Time 0.006510 Domain Name System (response) 1479 DNS Standard query response, No such name 1480 Frame 86 (348 bytes on the wire) 1481 UDP, Src Port: domain (53), Dst Port: 50959 (50959) 1483 XMIT VICTIM Time 0.006569 Domain Name System (query) 1484 DNS Standard query A 3-0.jo.cert-test. 1485 123456789-123456789-123456789-123456789-123456789-123456789. 1486 123456789-123456789-123456789-123456789-123456789. 1487 123456789-123456789-123456789-123456789. 1488 123456789-123456789-123456789.123456789-123456789.123456789. 
1489 example.com 1490 Frame 87 (288 bytes on the wire) 1491 UDP, Src Port: 50458 (50458), Dst Port: domain (53) 1493 RECV VICTIM Time 0.006635 Domain Name System (response) 1494 DNS Standard query response, No such name 1495 Frame 88 (348 bytes on the wire) 1496 UDP, Src Port: domain (53), Dst Port: 50458 (50458) 1498 XMIT VICTIM Time 0.006688 Domain Name System (query) 1499 DNS Standard query A 3-1.jo.cert-test. 1500 123456789-123456789-123456789-123456789-123456789-123456789. 1501 123456789-123456789-123456789-123456789-123456789. 1502 123456789-123456789-123456789-123456789. 1503 123456789-123456789-123456789.123456789-123456789.123456789. 1504 example.com 1505 Frame 89 (288 bytes on the wire) 1506 UDP, Src Port: 55297 (55297), Dst Port: domain (53) 1508 RECV VICTIM Time 0.006762 Domain Name System (response) 1509 DNS Standard query response, No such name 1510 Frame 90 (348 bytes on the wire) 1511 UDP, Src Port: domain (53), Dst Port: 55297 (55297) 1513 XMIT ATTACK Time 0.006829 Domain Name System (query) 1514 DNS Standard query MX 4.jo.cert-test.mail-abuse.org 1515 Frame 91 (79 bytes on the wire) 1516 UDP, Src Port: 55642 (55642), Dst Port: domain (53) 1517 RECV ATTACK Time 0.007064 Domain Name System (response) 1518 DNS Standard query response MX 1 4-2.jo.cert-test. 1519 123456789-123456789-123456789-123456789-123456789-123456789. 1520 123456789-123456789-123456789-123456789-123456789. 1521 123456789-123456789-123456789-123456789. 1522 123456789-123456789-123456789.123456789-123456789.123456789. 1523 example.com 1524 MX 1 4-3.jo.cert-test. 1525 123456789-123456789-123456789-123456789-123456789-123456789. 1526 123456789-123456789-123456789-123456789-123456789. 1527 123456789-123456789-123456789-123456789. 1528 123456789-123456789-123456789.123456789-123456789.123456789. 1529 example.com 1530 MX 1 4-4.jo.cert-test. 1531 123456789-123456789-123456789-123456789-123456789-123456789. 1532 123456789-123456789-123456789-123456789-123456789. 
1533 123456789-123456789-123456789-123456789. 1534 123456789-123456789-123456789.123456789-123456789.123456789. 1535 example.com 1536 MX 1 4-5.jo.cert-test. 1537 123456789-123456789-123456789-123456789-123456789-123456789. 1538 123456789-123456789-123456789-123456789-123456789. 1539 123456789-123456789-123456789-123456789. 1540 123456789-123456789-123456789.123456789-123456789.123456789. 1541 example.com 1542 MX 1 4-6.jo.cert-test. 1543 123456789-123456789-123456789-123456789-123456789-123456789. 1544 123456789-123456789-123456789-123456789-123456789. 1545 123456789-123456789-123456789-123456789. 1546 123456789-123456789-123456789.123456789-123456789.123456789. 1547 example.com 1548 MX 1 4-7.jo.cert-test. 1549 123456789-123456789-123456789-123456789-123456789-123456789. 1550 123456789-123456789-123456789-123456789-123456789. 1551 123456789-123456789-123456789-123456789. 1552 123456789-123456789-123456789.123456789-123456789.123456789 1553 .example.com 1554 MX 1 4-8.jo.cert-test. 1555 123456789-123456789-123456789-123456789-123456789-123456789. 1556 123456789-123456789-123456789-123456789-123456789. 1557 123456789-123456789-123456789-123456789. 1558 123456789-123456789-123456789.123456789-123456789.123456789. 1559 example.com 1560 MX 1 4-9.jo.cert-test. 1561 123456789-123456789-123456789-123456789-123456789-123456789. 1562 123456789-123456789-123456789-123456789-123456789. 1563 123456789-123456789-123456789-123456789. 1564 123456789-123456789-123456789.123456789-123456789.123456789. 1566 example.com 1567 MX 1 4-0.jo.cert-test. 1568 123456789-123456789-123456789-123456789-123456789-123456789. 1569 123456789-123456789-123456789-123456789-123456789. 1570 123456789-123456789-123456789-123456789. 1571 123456789-123456789-123456789.123456789-123456789.123456789. 1572 example.com 1573 MX 1 4-1.jo.cert-test. 1574 123456789-123456789-123456789-123456789-123456789-123456789. 1575 123456789-123456789-123456789-123456789-123456789. 1576 123456789-123456789-123456789-123456789. 
1577 123456789-123456789-123456789.123456789-123456789.123456789. 1578 example.com 1579 Frame 92 (535 bytes on the wire) 1580 UDP, Src Port: domain (53), Dst Port: 55642 (55642) 1582 XMIT VICTIM Time 0.007173 Domain Name System (query) 1583 DNS Standard query A 4-2.jo.cert-test. 1584 123456789-123456789-123456789-123456789-123456789-123456789. 1585 123456789-123456789-123456789-123456789-123456789. 1586 123456789-123456789-123456789-123456789. 1587 123456789-123456789-123456789.123456789-123456789.123456789. 1588 example.com 1589 Frame 93 (288 bytes on the wire) 1590 UDP, Src Port: 60109 (60109), Dst Port: domain (53) 1592 RECV VICTIM Time 0.007243 Domain Name System (response) 1593 DNS Standard query response, No such name 1594 Frame 94 (348 bytes on the wire) 1595 UDP, Src Port: domain (53), Dst Port: 60109 (60109) 1597 XMIT VICTIM Time 0.007299 Domain Name System (query) 1598 DNS Standard query A 4-3.jo.cert-test. 1599 123456789-123456789-123456789-123456789-123456789-123456789. 1600 123456789-123456789-123456789-123456789-123456789. 1601 123456789-123456789-123456789-123456789. 1602 123456789-123456789-123456789.123456789-123456789.123456789. 1603 example.com 1604 Frame 95 (288 bytes on the wire) 1605 UDP, Src Port: 59804 (59804), Dst Port: domain (53) 1607 RECV VICTIM Time 0.007365 Domain Name System (response) 1608 DNS Standard query response, No such name 1609 Frame 96 (348 bytes on the wire) 1610 UDP, Src Port: domain (53), Dst Port: 59804 (59804) 1612 XMIT VICTIM Time 0.007419 Domain Name System (query) 1613 DNS Standard query A 4-4.jo.cert-test. 1615 123456789-123456789-123456789-123456789-123456789-123456789. 1616 123456789-123456789-123456789-123456789-123456789. 1617 123456789-123456789-123456789-123456789. 1618 123456789-123456789-123456789.123456789-123456789.123456789. 
1619 example.com 1620 Frame 97 (288 bytes on the wire) 1621 UDP, Src Port: 59201 (59201), Dst Port: domain (53) 1623 RECV VICTIM Time 0.007486 Domain Name System (response) 1624 DNS Standard query response, No such name 1625 Frame 98 (348 bytes on the wire) 1626 UDP, Src Port: domain (53), Dst Port: 59201 (59201) 1628 XMIT VICTIM Time 0.007540 Domain Name System (query) 1629 DNS Standard query A 4-5.jo.cert-test. 1630 123456789-123456789-123456789-123456789-123456789-123456789. 1631 123456789-123456789-123456789-123456789-123456789. 1632 123456789-123456789-123456789-123456789. 1633 123456789-123456789-123456789.123456789-123456789.123456789. 1634 example.com 1635 Frame 99 (288 bytes on the wire) 1636 UDP, Src Port: 54029 (54029), Dst Port: domain (53) 1638 RECV VICTIM Time 0.008675 Domain Name System (response) 1639 DNS Standard query response, No such name 1640 Frame 100 (348 bytes on the wire) 1641 UDP, Src Port: domain (53), Dst Port: 54029 (54029) 1643 XMIT VICTIM Time 0.008773 Domain Name System (query) 1644 DNS Standard query A 4-6.jo.cert-test. 1645 123456789-123456789-123456789-123456789-123456789-123456789. 1646 123456789-123456789-123456789-123456789-123456789. 1647 123456789-123456789-123456789-123456789. 1648 123456789-123456789-123456789.123456789-123456789.123456789. 1649 example.com 1650 Frame 101 (288 bytes on the wire) 1651 UDP, Src Port: 60108 (60108), Dst Port: domain (53) 1653 RECV VICTIM Time 0.013443 Domain Name System (response) 1654 DNS Standard query response, No such name 1655 Frame 102 (348 bytes on the wire) 1656 UDP, Src Port: domain (53), Dst Port: 60108 (60108) 1658 XMIT VICTIM Time 0.013561 Domain Name System (query) 1659 DNS Standard query A 4-7.jo.cert-test. 1660 123456789-123456789-123456789-123456789-123456789-123456789. 1661 123456789-123456789-123456789-123456789-123456789. 1662 123456789-123456789-123456789-123456789. 1664 123456789-123456789-123456789.123456789-123456789.123456789. 
1665 example.com 1666 Frame 103 (288 bytes on the wire) 1667 UDP, Src Port: 52259 (52259), Dst Port: domain (53) 1669 RECV VICTIM Time 0.014616 Domain Name System (response) 1670 DNS Standard query response, No such name 1671 Frame 104 (348 bytes on the wire) 1672 UDP, Src Port: domain (53), Dst Port: 52259 (52259) 1674 XMIT VICTIM Time 0.014701 Domain Name System (query) 1675 DNS Standard query A 4-8.jo.cert-test. 1676 123456789-123456789-123456789-123456789-123456789-123456789. 1677 123456789-123456789-123456789-123456789-123456789. 1678 123456789-123456789-123456789-123456789. 1679 123456789-123456789-123456789.123456789-123456789.123456789. 1680 example.com 1681 Frame 105 (288 bytes on the wire) 1682 UDP, Src Port: 59589 (59589), Dst Port: domain (53) 1684 RECV VICTIM Time 0.014866 Domain Name System (response) 1685 DNS Standard query response, No such name 1686 Frame 106 (348 bytes on the wire) 1687 UDP, Src Port: domain (53), Dst Port: 59589 (59589) 1689 XMIT VICTIM Time 0.014928 1690 DNS Standard query A 4-9.jo.cert-test. 1691 123456789-123456789-123456789-123456789-123456789-123456789. 1692 123456789-123456789-123456789-123456789-123456789. 1693 123456789-123456789-123456789-123456789. 1694 123456789-123456789-123456789.123456789-123456789.123456789. 1695 example.com 1696 Frame 107 (288 bytes on the wire) 1697 UDP, Src Port: 49838 (49838), Dst Port: domain (53) 1698 Domain Name System (query) 1700 RECV VICTIM Time 0.015609 Domain Name System (response) 1701 DNS Standard query response, No such name 1702 Frame 108 (348 bytes on the wire) 1703 UDP, Src Port: domain (53), Dst Port: 49838 (49838) 1705 XMIT VICTIM Time 0.015681 Domain Name System (query) 1706 DNS Standard query A 4-0.jo.cert-test. 1707 123456789-123456789-123456789-123456789-123456789-123456789. 1708 123456789-123456789-123456789-123456789-123456789. 1709 123456789-123456789-123456789-123456789. 1710 123456789-123456789-123456789.123456789-123456789.123456789. 
1711 example.com 1713 Frame 109 (288 bytes on the wire) 1714 UDP, Src Port: 61868 (61868), Dst Port: domain (53) 1716 RECV VICTIM Time 0.015753 Domain Name System (response) 1717 DNS Standard query response, No such name 1718 Frame 110 (348 bytes on the wire) 1719 UDP, Src Port: domain (53), Dst Port: 61868 (61868) 1721 XMIT VICTIM Time 0.015826 Domain Name System (query) 1722 DNS Standard query A 4-1.jo.cert-test. 1723 123456789-123456789-123456789-123456789-123456789-123456789. 1724 123456789-123456789-123456789-123456789-123456789. 1725 123456789-123456789-123456789-123456789. 1726 123456789-123456789-123456789.123456789-123456789.123456789. 1727 example.com 1728 Frame 111 (288 bytes on the wire) 1729 UDP, Src Port: 54485 (54485), Dst Port: domain (53) 1731 RECV VICTIM Time 0.015897 Domain Name System (response) 1732 DNS Standard query response, No such name 1733 Frame 112 (348 bytes on the wire) 1734 UDP, Src Port: domain (53), Dst Port: 54485 (54485) 1736 XMIT ATTACK Time 0.015963 Domain Name System (query) 1737 DNS Standard query MX 5.jo.cert-test.mail-abuse.org 1738 Frame 113 (79 bytes on the wire) 1739 UDP, Src Port: 62648 (62648), Dst Port: domain (53) 1741 RECV ATTACK Time 0.016223 Domain Name System (response) 1742 DNS Standard query response MX 1 5-2.jo.cert-test. 1743 123456789-123456789-123456789-123456789-123456789-123456789. 1744 123456789-123456789-123456789-123456789-123456789. 1745 123456789-123456789-123456789-123456789. 1746 123456789-123456789-123456789.123456789-123456789.123456789. 1747 example.com 1748 MX 1 5-3.jo.cert-test. 1749 123456789-123456789-123456789-123456789-123456789-123456789. 1750 123456789-123456789-123456789-123456789-123456789. 1751 123456789-123456789-123456789-123456789. 1752 123456789-123456789-123456789.123456789-123456789.123456789. 1753 example.com 1754 MX 1 5-4.jo.cert-test. 1755 123456789-123456789-123456789-123456789-123456789-123456789. 1756 123456789-123456789-123456789-123456789-123456789. 
1757 123456789-123456789-123456789-123456789. 1758 123456789-123456789-123456789.123456789-123456789.123456789. 1759 example.com 1760 MX 1 5-5.jo.cert-test. 1762 123456789-123456789-123456789-123456789-123456789-123456789. 1763 123456789-123456789-123456789-123456789-123456789. 1764 123456789-123456789-123456789-123456789. 1765 123456789-123456789-123456789.123456789-123456789. 1766 123456789.example.com 1767 MX 1 5-6.jo.cert-test. 1768 123456789-123456789-123456789-123456789-123456789-123456789. 1769 123456789-123456789-123456789-123456789-123456789. 1770 123456789-123456789-123456789-123456789. 1771 123456789-123456789-123456789.123456789-123456789. 1772 123456789.example.com 1773 MX 1 5-7.jo.cert-test. 1774 123456789-123456789-123456789-123456789-123456789-123456789. 1775 123456789-123456789-123456789-123456789-123456789. 1776 123456789-123456789-123456789-123456789. 1777 123456789-123456789-123456789.123456789-123456789.123456789. 1778 example.com 1779 MX 1 5-8.jo.cert-test. 1780 123456789-123456789-123456789-123456789-123456789-123456789. 1781 123456789-123456789-123456789-123456789-123456789. 1782 123456789-123456789-123456789-123456789. 1783 123456789-123456789-123456789.123456789-123456789.123456789. 1784 example.com 1785 MX 1 5-9.jo.cert-test. 1786 123456789-123456789-123456789-123456789-123456789-123456789. 1787 123456789-123456789-123456789-123456789-123456789. 1788 123456789-123456789-123456789-123456789. 1789 123456789-123456789-123456789.123456789-123456789.123456789. 1790 example.com 1791 MX 1 5-0.jo.cert-test. 1792 123456789-123456789-123456789-123456789-123456789-123456789. 1793 123456789-123456789-123456789-123456789-123456789. 1794 123456789-123456789-123456789-123456789. 1795 123456789-123456789-123456789.123456789-123456789.123456789. 1796 example.com 1797 MX 1 5-1.jo.cert-test. 1798 123456789-123456789-123456789-123456789-123456789-123456789. 1799 123456789-123456789-123456789-123456789-123456789. 1800 123456789-123456789-123456789-123456789. 
1801 123456789-123456789-123456789.123456789-123456789.123456789. 1802 example.com 1803 Frame 114 (535 bytes on the wire) 1804 UDP, Src Port: domain (53), Dst Port: 62648 (62648) 1806 XMIT VICTIM Time 0.016326 Domain Name System (query) 1807 DNS Standard query A 5-2.jo.cert-test. 1808 123456789-123456789-123456789-123456789-123456789-123456789. 1809 123456789-123456789-123456789-123456789-123456789. 1811 123456789-123456789-123456789-123456789. 1812 123456789-123456789-123456789.123456789-123456789.123456789. 1813 example.com 1814 Frame 115 (288 bytes on the wire) 1815 UDP, Src Port: 64862 (64862), Dst Port: domain (53) 1817 RECV VICTIM Time 0.016397 Domain Name System (response) 1818 DNS Standard query response, No such name 1819 Frame 116 (348 bytes on the wire) 1820 UDP, Src Port: domain (53), Dst Port: 64862 (64862) 1822 XMIT VICTIM Time 0.016453 Domain Name System (query) 1823 DNS Standard query A 5-3.jo.cert-test. 1824 123456789-123456789-123456789-123456789-123456789-123456789. 1825 123456789-123456789-123456789-123456789-123456789. 1826 123456789-123456789-123456789-123456789. 1827 123456789-123456789-123456789.123456789-123456789.123456789. 1828 example.com 1829 Frame 117 (288 bytes on the wire) 1830 UDP, Src Port: 55595 (55595), Dst Port: domain (53) 1832 RECV VICTIM Time 0.016530 Domain Name System (response) 1833 DNS Standard query response, No such name 1834 Frame 118 (348 bytes on the wire) 1835 UDP, Src Port: domain (53), Dst Port: 55595 (55595) 1837 XMIT VICTIM Time 0.016590 Domain Name System (query) 1838 DNS Standard query A 5-4.jo.cert-test. 1839 123456789-123456789-123456789-123456789-123456789-123456789. 1840 123456789-123456789-123456789-123456789-123456789. 1841 123456789-123456789-123456789-123456789. 1842 123456789-123456789-123456789.123456789-123456789.123456789. 
1843 example.com 1844 Frame 119 (288 bytes on the wire) 1845 UDP, Src Port: 59040 (59040), Dst Port: domain (53) 1847 RECV VICTIM Time 0.016658 Domain Name System (response) 1848 DNS Standard query response, No such name 1849 Frame 120 (348 bytes on the wire) 1850 UDP, Src Port: domain (53), Dst Port: 59040 (59040) 1852 XMIT VICTIM Time 0.016712 Domain Name System (query) 1853 DNS Standard query A 5-5.jo.cert-test. 1854 123456789-123456789-123456789-123456789-123456789-123456789. 1855 123456789-123456789-123456789-123456789-123456789. 1856 123456789-123456789-123456789-123456789. 1857 123456789-123456789-123456789.123456789-123456789.123456789. 1858 example.com 1860 Frame 121 (288 bytes on the wire) 1861 UDP, Src Port: 64566 (64566), Dst Port: domain (53) 1863 RECV VICTIM Time 0.016778 Domain Name System (response) 1864 DNS Standard query response, No such name 1865 Frame 122 (348 bytes on the wire) 1866 UDP, Src Port: domain (53), Dst Port: 64566 (64566) 1868 XMIT VICTIM Time 0.016833 Domain Name System (query) 1869 DNS Standard query A 5-6.jo.cert-test. 1870 123456789-123456789-123456789-123456789-123456789-123456789. 1871 123456789-123456789-123456789-123456789-123456789. 1872 123456789-123456789-123456789-123456789. 1873 123456789-123456789-123456789.123456789-123456789.123456789. 1874 example.com 1875 Frame 123 (288 bytes on the wire) 1876 UDP, Src Port: 57893 (57893), Dst Port: domain (53) 1878 RECV VICTIM Time 0.016899 Domain Name System (response) 1879 DNS Standard query response, No such name 1880 Frame 124 (348 bytes on the wire) 1881 UDP, Src Port: domain (53), Dst Port: 57893 (57893) 1883 XMIT VICTIM Time 0.016966 Domain Name System (query) 1884 DNS Standard query A 5-7.jo.cert-test. 1885 123456789-123456789-123456789-123456789-123456789-123456789. 1886 123456789-123456789-123456789-123456789-123456789. 1887 123456789-123456789-123456789-123456789. 1888 123456789-123456789-123456789.123456789-123456789.123456789. 
1889 example.com 1890 Frame 125 (288 bytes on the wire) 1891 UDP, Src Port: 50080 (50080), Dst Port: domain (53) 1893 RECV VICTIM Time 0.017033 Domain Name System (response) 1894 DNS Standard query response, No such name 1895 Frame 126 (348 bytes on the wire) 1896 UDP, Src Port: domain (53), Dst Port: 50080 (50080) 1898 XMIT VICTIM Time 0.017089 Domain Name System (query) 1899 DNS Standard query A 5-8.jo.cert-test. 1900 123456789-123456789-123456789-123456789-123456789-123456789. 1901 123456789-123456789-123456789-123456789-123456789. 1902 123456789-123456789-123456789-123456789. 1903 123456789-123456789-123456789.123456789-123456789.123456789. 1904 example.com 1905 Frame 127 (288 bytes on the wire) 1906 UDP, Src Port: 59589 (59589), Dst Port: domain (53) 1907 RECV VICTIM Time 0.017163 Domain Name System (response) 1908 DNS Standard query response, No such name 1909 Frame 128 (348 bytes on the wire) 1910 UDP, Src Port: domain (53), Dst Port: 59589 (59589) 1912 XMIT VICTIM Time 0.017218 Domain Name System (query) 1913 DNS Standard query A 5-9.jo.cert-test. 1914 123456789-123456789-123456789-123456789-123456789-123456789. 1915 123456789-123456789-123456789-123456789-123456789. 1916 123456789-123456789-123456789-123456789. 1917 123456789-123456789-123456789.123456789-123456789.123456789. 1918 example.com 1919 Frame 129 (288 bytes on the wire) 1920 UDP, Src Port: 51145 (51145), Dst Port: domain (53) 1922 RECV VICTIM Time 0.017284 Domain Name System (response) 1923 DNS Standard query response, No such name 1924 Frame 130 (348 bytes on the wire) 1925 UDP, Src Port: domain (53), Dst Port: 51145 (51145) 1927 XMIT VICTIM Time 0.017339 Domain Name System (query) 1928 DNS Standard query A 5-0.jo.cert-test. 1929 123456789-123456789-123456789-123456789-123456789-123456789. 1930 123456789-123456789-123456789-123456789-123456789. 1931 123456789-123456789-123456789-123456789. 1932 123456789-123456789-123456789.123456789-123456789.123456789. 
1933 example.com 1934 Frame 131 (288 bytes on the wire) 1935 UDP, Src Port: 55246 (55246), Dst Port: domain (53) 1937 RECV VICTIM Time 0.017405 Domain Name System (response) 1938 DNS Standard query response, No such name 1939 Frame 132 (348 bytes on the wire) 1940 UDP, Src Port: domain (53), Dst Port: 55246 (55246) 1942 XMIT VICTIM Time 0.017459 Domain Name System (query) 1943 DNS Standard query A 5-1.jo.cert-test. 1944 123456789-123456789-123456789-123456789-123456789-123456789. 1945 123456789-123456789-123456789-123456789-123456789. 1946 123456789-123456789-123456789-123456789. 1947 123456789-123456789-123456789.123456789-123456789.123456789. 1948 example.com 1949 Frame 133 (288 bytes on the wire) 1950 UDP, Src Port: 65477 (65477), Dst Port: domain (53) 1952 RECV VICTIM Time 0.017525 Domain Name System (response) 1953 DNS Standard query response, No such name 1954 Frame 134 (348 bytes on the wire) 1955 UDP, Src Port: domain (53), Dst Port: 65477 (65477) 1957 XMIT ATTACK Time 0.017656 Domain Name System (query) 1958 DNS Standard query MX 6.jo.cert-test.mail-abuse.org 1959 Frame 135 (79 bytes on the wire) 1960 UDP, Src Port: 50935 (50935), Dst Port: domain (53) 1962 RECV ATTACK Time 0.017899 Domain Name System (response) 1963 DNS Standard query response MX 1 6-2.jo.cert-test. 1964 123456789-123456789-123456789-123456789-123456789-123456789. 1965 123456789-123456789-123456789-123456789-123456789. 1966 123456789-123456789-123456789-123456789. 1967 123456789-123456789-123456789.123456789-123456789.123456789. 1968 example.com 1969 MX 1 6-3.jo.cert-test. 1970 123456789-123456789-123456789-123456789-123456789-123456789. 1971 123456789-123456789-123456789-123456789-123456789. 1972 123456789-123456789-123456789-123456789. 1973 123456789-123456789-123456789.123456789-123456789.123456789. 1974 example.com 1975 MX 1 6-4.jo.cert-test. 1976 123456789-123456789-123456789-123456789-123456789-123456789. 1977 123456789-123456789-123456789-123456789-123456789. 
1978 123456789-123456789-123456789-123456789. 1979 123456789-123456789-123456789.123456789-123456789.123456789. 1980 example.com 1981 MX 1 6-5.jo.cert-test. 1982 123456789-123456789-123456789-123456789-123456789-123456789. 1983 123456789-123456789-123456789-123456789-123456789. 1984 123456789-123456789-123456789-123456789. 1985 123456789-123456789-123456789.123456789-123456789.123456789. 1986 example.com 1987 MX 1 6-6.jo.cert-test. 1988 123456789-123456789-123456789-123456789-123456789-123456789. 1989 123456789-123456789-123456789-123456789-123456789. 1990 123456789-123456789-123456789-123456789. 1991 123456789-123456789-123456789.123456789-123456789.123456789. 1992 example.com 1993 MX 1 6-7.jo.cert-test. 1994 123456789-123456789-123456789-123456789-123456789-123456789. 1995 123456789-123456789-123456789-123456789-123456789. 1996 123456789-123456789-123456789-123456789. 1997 123456789-123456789-123456789.123456789-123456789.123456789. 1998 example.com 1999 MX 1 6-8.jo.cert-test. 2000 123456789-123456789-123456789-123456789-123456789-123456789. 2001 123456789-123456789-123456789-123456789-123456789. 2002 123456789-123456789-123456789-123456789. 2004 123456789-123456789-123456789.123456789-123456789.123456789. 2005 example.com 2006 MX 1 6-9.jo.cert-test. 2007 123456789-123456789-123456789-123456789-123456789-123456789. 2008 123456789-123456789-123456789-123456789-123456789. 2009 123456789-123456789-123456789-123456789. 2010 123456789-123456789-123456789.123456789-123456789.123456789. 2011 example.com 2012 MX 1 6-0.jo.cert-test. 2013 123456789-123456789-123456789-123456789-123456789-123456789. 2014 123456789-123456789-123456789-123456789-123456789. 2015 123456789-123456789-123456789-123456789. 2016 123456789-123456789-123456789.123456789-123456789.123456789. 2017 example.com 2018 MX 1 6-1.jo.cert-test. 2019 123456789-123456789-123456789-123456789-123456789-123456789. 2020 123456789-123456789-123456789-123456789-123456789. 2021 123456789-123456789-123456789-123456789. 
2022 123456789-123456789-123456789.123456789-123456789.123456789. 2023 example.com 2024 Frame 136 (535 bytes on the wire) 2025 UDP, Src Port: domain (53), Dst Port: 50935 (50935) 2027 XMIT VICTIM Time 0.018001 Domain Name System (query) 2028 DNS Standard query A 6-2.jo.cert-test. 2029 123456789-123456789-123456789-123456789-123456789-123456789. 2030 123456789-123456789-123456789-123456789-123456789. 2031 123456789-123456789-123456789-123456789. 2032 123456789-123456789-123456789.123456789-123456789.123456789. 2033 example.com 2034 Frame 137 (288 bytes on the wire) 2035 UDP, Src Port: 65317 (65317), Dst Port: domain (53) 2037 RECV VICTIM Time 0.018072 Domain Name System (response) 2038 DNS Standard query response, No such name 2039 Frame 138 (348 bytes on the wire) 2040 UDP, Src Port: domain (53), Dst Port: 65317 (65317) 2042 XMIT VICTIM Time 0.018141 Domain Name System (query) 2043 DNS Standard query A 6-3.jo.cert-test. 2044 123456789-123456789-123456789-123456789-123456789-123456789. 2045 123456789-123456789-123456789-123456789-123456789. 2046 123456789-123456789-123456789-123456789. 2047 123456789-123456789-123456789.123456789-123456789.123456789. 2048 example.com 2049 Frame 139 (288 bytes on the wire) 2050 UDP, Src Port: 65391 (65391), Dst Port: domain (53) 2051 RECV VICTIM Time 0.018209 Domain Name System (response) 2052 DNS Standard query response, No such name 2053 Frame 140 (348 bytes on the wire) 2054 UDP, Src Port: domain (53), Dst Port: 65391 (65391) 2056 XMIT VICTIM Time 0.018264 Domain Name System (query) 2057 DNS Standard query A 6-4.jo.cert-test. 2058 123456789-123456789-123456789-123456789-123456789-123456789. 2059 123456789-123456789-123456789-123456789-123456789. 2060 123456789-123456789-123456789-123456789. 2061 123456789-123456789-123456789.123456789-123456789.123456789. 
Author's Address

   Douglas Otis
   Trend Micro, NSSG
   1737 North First Street, Suite 680
   San Jose, CA 95112
   USA

   Phone: +1.408.453.6277
   Email: doug_otis@trendmicro.com

Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.

Disclaimer of Validity

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Copyright Statement

   Copyright (C) The Internet Society (2006).  This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.

Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.