nanog mailing list archives
RE: Recent DNS attacks from China?
From: Drew Weaver <drew.weaver () thenap com>
Date: Wed, 30 Nov 2011 15:12:09 -0500
-----Original Message----- From: Rob.Vercouteren () kpn com [mailto:Rob.Vercouteren () kpn com] Sent: Wednesday, November 30, 2011 3:05 PM To: MatlockK () exempla org; richard.barnes () gmail com; andrew.wallace () rocketmail com Cc: nanog () nanog org; leland () taranta discpro org Subject: RE: Recent DNS attacks from China? Yes it is, but the problem is that our servers are "attacking" the so called source address. All the answers are going back to the "source". It is huge amplification attacks. (some sort of smurf if you want) The ip addresses are spoofed (We did a capture and saw all different ttl's so coming from behind different hops) And yes we saw the ANY queries for all the domains. I still wonder how it is still possible that ip addresses can be spoofed nowadays ================= Rob, Transit providers can bill for the denial of service traffic and they claim it's too expensive to run URPF because of the extra lookup. -Drew
Current thread:
- Recent DNS attacks from China? Leland Vandervort (Nov 30)
- Re: Recent DNS attacks from China? david raistrick (Nov 30)
- Re: Recent DNS attacks from China? Chris Adams (Nov 30)
- Re: Recent DNS attacks from China? andrew.wallace (Nov 30)
- Re: Recent DNS attacks from China? Valdis . Kletnieks (Nov 30)
- Re: Recent DNS attacks from China? Richard Barnes (Nov 30)
- RE: Recent DNS attacks from China? Matlock, Kenneth L (Nov 30)
- RE: Recent DNS attacks from China? Rob.Vercouteren (Nov 30)
- RE: Recent DNS attacks from China? Drew Weaver (Nov 30)
- <Possible follow-ups>
- Re: Recent DNS attacks from China? Rob.Vercouteren (Nov 30)
- Re: Recent DNS attacks from China? -Hammer- (Nov 30)
- Re: Recent DNS attacks from China? David Conrad (Nov 30)
- Re: Recent DNS attacks from China? -Hammer- (Nov 30)
- Re: Recent DNS attacks from China? -Hammer- (Nov 30)
- Re: Recent DNS attacks from China? sthaug (Nov 30)