nanog mailing list archives
Re: DNS Amplification attack?
From: Kameron Gasso <kgasso-lists () visp net>
Date: Tue, 20 Jan 2009 18:16:45 -0800
Wil Schultz wrote:
Anyone else noticing "." requests coming in to your DNS servers? http://isc.sans.org/diary.html?storyid=5713 I'm seeing them coming from the following addresses in my ns server logs. 69.50.142.110 69.50.142.11 76.9.16.171 66.230.128.15 66.230.160.1
We're also seeing a great number of these, but the idiots spoofing the queries are hitting several non-recursive nameservers we host - and only generating 59-byte "REFUSED" replies. Looks like they probably just grabbed a bunch of DNS hosts out of WHOIS and hoped that they were recursive resolvers. -- Kameron Gasso | Senior Systems Administrator | visp.net Direct: 541-955-6903 | Fax: 541-471-0821
Current thread:
- DNS Amplification attack? Wil Schultz (Jan 20)
- Re: DNS Amplification attack? Raoul Bhatia [IPAX] (Jan 20)
- Re: DNS Amplification attack? David W. Hankins (Jan 20)
- Re: DNS Amplification attack? Mark Andrews (Jan 20)
- Re: DNS Amplification attack? David Coulthart (Jan 21)
- Re: DNS Amplification attack? Kameron Gasso (Jan 20)
- Re: DNS Amplification attack? Christopher Morrow (Jan 20)
- Re: DNS Amplification attack? Kameron Gasso (Jan 20)
- Re: DNS Amplification attack? Christopher Morrow (Jan 20)
- Re: DNS Amplification attack? Chris Adams (Jan 20)
- Re: DNS Amplification attack? Stuart Henderson (Jan 21)
- Re: DNS Amplification attack? Christopher Morrow (Jan 20)
- <Possible follow-ups>
- Re: DNS Amplification attack? jay (Jan 20)
- Re: DNS Amplification attack? Chris Adams (Jan 20)
- Re: DNS Amplification attack? jay (Jan 20)
- Re: DNS Amplification attack? Mark Andrews (Jan 20)
- Re: DNS Amplification attack? Crist Clark (Jan 21)
- Re: DNS Amplification attack? Chris Adams (Jan 20)