nanog mailing list archives

Re: DOS attack against DNS?

From: Jeroen Massar <jeroen () unfix org>
Date: Sun, 15 Jan 2006 17:00:19 +0100

Mark Andrews wrote:

In article <43C9EF72.50803 () garlic com> you write:

I just started seeing thousands of DNS queries that look like some sort 
of DOS attack.  One log entry is below with the IP obscured.

client xx.xx.xx.xx#6704: query: z.tn.co.za ANY ANY +E

When you look at z.tn.co.za you see a huge TXT record.

Is anyone else seeing this attack or am I the lucky one?  Is this a 
known attack?

Roy


      You are being used as a DoS amplifier.  The queries will be
      spoofed.  Someone needs to learn about BCP 38.


Next to not running a $world recursive/caching service ;)
Which is where the OP can actually do something about this problem.
Folks who don't do ingress filtering will not be bothered to get it
going unfortunately...

Greets,
 Jeroen

Attachment: signature.asc
Description: OpenPGP digital signature

Current thread:

DOS attack against DNS? Roy (Jan 14)
- Re: DOS attack against DNS? Mark Andrews (Jan 14)
  - Re: DOS attack against DNS? Jeroen Massar (Jan 15)
    - Re: DOS attack against DNS? Mark Andrews (Jan 15)
    - Re: DOS attack against DNS? Paul Vixie (Jan 16)
    - Re: DOS attack against DNS? Joel Jaeggli (Jan 16)
    - Re: DOS attack against DNS? Paul Vixie (Jan 16)
    - Re: DOS attack against DNS? Daniel Senie (Jan 16)
    - Re: DOS attack against DNS? Mark Andrews (Jan 16)
- Re: DOS attack against DNS? Paul Vixie (Jan 15)
  - Re: DOS attack against DNS? bmanning (Jan 15)
    - Re: DOS attack against DNS? Paul Vixie (Jan 15)
    - Re: DOS attack against DNS? Mark Andrews (Jan 15)

(Thread continues...)