nanog mailing list archives
Re: random dns queries with random sources
From: sthaug () nethelp no
Date: Wed, 19 Feb 2014 10:26:23 +0100 (CET)
It has been ongoing for a week or so (but not constant). The domain names have a pattern but are comprised of components that appear to be randomly generated. The source IP addresses for the queries appear to be non duplicated and randomly generated. query logs are available for unicasting to the interested. Has nobody else seen this?
We've seen it. It is pretty clearly an attack against authoritative name servers for various domains, using open recursors or proxies to reflect the queries. Steinar Haug, AS 2116
Current thread:
- Re: random dns queries with random sources, (continued)
- Re: random dns queries with random sources Christopher Morrow (Feb 18)
- Re: random dns queries with random sources Dobbins, Roland (Feb 18)
- Re: random dns queries with random sources sthaug (Feb 19)
- Re: random dns queries with random sources Dobbins, Roland (Feb 18)
- Re: random dns queries with random sources George Herbert (Feb 18)
- Re: random dns queries with random sources Joe Maimon (Feb 18)
- Re: random dns queries with random sources Dobbins, Roland (Feb 18)
- Re: random dns queries with random sources Joe Maimon (Feb 18)
- Re: random dns queries with random sources Owen DeLong (Feb 18)
- Re: random dns queries with random sources Joe Maimon (Feb 18)
- Re: random dns queries with random sources sthaug (Feb 19)
- Re: random dns queries with random sources Dobbins, Roland (Feb 19)
- Re: random dns queries with random sources Simon Perreault (Feb 19)
- Re: random dns queries with random sources Tempest (Feb 19)
- RE: random dns queries with random sources Beeman, Davis (Feb 19)
- Re: random dns queries with random sources Pavel Zeleny (Feb 20)