nanog mailing list archives
Re: DOS attack against DNS?
From: Jeroen Massar <jeroen () unfix org>
Date: Sun, 15 Jan 2006 17:00:19 +0100
Mark Andrews wrote:
In article <43C9EF72.50803 () garlic com> you write:I just started seeing thousands of DNS queries that look like some sort of DOS attack. One log entry is below with the IP obscured. client xx.xx.xx.xx#6704: query: z.tn.co.za ANY ANY +E When you look at z.tn.co.za you see a huge TXT record. Is anyone else seeing this attack or am I the lucky one? Is this a known attack? RoyYou are being used as a DoS amplifier. The queries will be spoofed. Someone needs to learn about BCP 38.
Next to not running a $world recursive/caching service ;) Which is where the OP can actually do something about this problem. Folks who don't do ingress filtering will not be bothered to get it going unfortunately... Greets, Jeroen
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- DOS attack against DNS? Roy (Jan 14)
- Re: DOS attack against DNS? Mark Andrews (Jan 14)
- Re: DOS attack against DNS? Jeroen Massar (Jan 15)
- Re: DOS attack against DNS? Mark Andrews (Jan 15)
- Re: DOS attack against DNS? Paul Vixie (Jan 16)
- Re: DOS attack against DNS? Joel Jaeggli (Jan 16)
- Re: DOS attack against DNS? Paul Vixie (Jan 16)
- Re: DOS attack against DNS? Daniel Senie (Jan 16)
- Re: DOS attack against DNS? Mark Andrews (Jan 16)
- Re: DOS attack against DNS? Jeroen Massar (Jan 15)
- Re: DOS attack against DNS? Mark Andrews (Jan 14)
- Re: DOS attack against DNS? bmanning (Jan 15)
- Re: DOS attack against DNS? Paul Vixie (Jan 15)
- Re: DOS attack against DNS? Mark Andrews (Jan 15)