nanog mailing list archives

Re: Malicious DNS request?

From: Brad Knowles <brad () stop mail-abuse org>
Date: Thu, 12 May 2005 16:43:07 +0200


At 12:41 PM +0400 2005-05-12, Gadi Evron quoted Joe Shen:

 How could such request be filtered or minimize its
 affaction on DNS server?


 Either this is a DDoS (woohoo!! I used the forbidden word) or you are
 seeing a botnet trying to connect and putting in some smoke-screen while
 at it to try and poison dns-top.

 I'd suggest dropping requests for domains you don't hold.


        That's kind of hard to do if you're running a recursive/caching nameserver.

--
Brad Knowles, <brad () stop mail-abuse org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

    -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
    Assembly to the Governor, November 11, 1755

  SAGE member since 1995.  See <http://www.sage.org/> for more info.

Current thread:

Malicious DNS request? Joe Shen (May 12)
- Re: Malicious DNS request? Suresh Ramasubramanian (May 12)
- Re: Malicious DNS request? Gadi Evron (May 12)
  - Re: Malicious DNS request? Brad Knowles (May 12)
    - Re: Malicious DNS request? Valdis . Kletnieks (May 12)
    - Re: Malicious DNS request? Brad Knowles (May 12)
    - Message not available
    - Re: Malicious DNS request? Bill Stewart (May 15)
- <Possible follow-ups>
- Re: Malicious DNS request? Joe Shen (May 17)
  - Re: Malicious DNS request? Paul Vixie (May 17)
    - Network Mitigation Devices Kevin Billings (May 17)
    - Microsoft broke MTU discovery by last security pathces?? Alexei Roudnev (May 17)
    - Re: Microsoft broke MTU discovery by last security pathces?? Mike Tancsa (May 17)
- Re: Malicious DNS request? Joe Shen (May 17)
- Re: Malicious DNS request? Joe Shen (May 17)

(Thread continues...)