nanog mailing list archives
Re: Attack on the DNS ?
From: Adrian Minta <adrian.minta () gmail com>
Date: Sat, 31 Mar 2012 21:26:25 +0300
We already have this type of attack in Bucharest/Romania since last Friday. The targets where IP's of some local webhosters, but at one moment we event saw IP's from Go Daddy.
Tcpdump will show something like:11:10:41.447079 IP target > open_resolver_ip.53: 80+ [1au] ANY? isc.org. (37) 11:10:41.447082 IP target > open_resolver_ip.53: 59147+ [1au] ANY? isc.org. (37) 11:10:41.447084 IP target > open_resolver_ip.53: 13885+ [1au] ANY? isc.org. (37)
After one week the attack has been mostly mitigated, and the remaining open resolvers are probably windows servers. Apparently in bill'g world is impossible to restrict the recursion.
Current thread:
- Attack on the DNS ? Marshall Eubanks (Mar 31)
- Re: Attack on the DNS ? sthaug (Mar 31)
- Re: Attack on the DNS ? Adrian Minta (Mar 31)
- Re: Attack on the DNS ? sthaug (Mar 31)
- Re: Attack on the DNS ? Lamar Owen (Mar 31)
- Re: Attack on the DNS ? Greg Ihnen (Mar 31)
- Re: Attack on the DNS ? Greg Ihnen (Mar 31)
- Re: Attack on the DNS ? Greg Ihnen (Mar 31)
- Re: Attack on the DNS ? Ameen Pishdadi (Mar 31)
- Re: Attack on the DNS ? sthaug (Mar 31)
- Re: Attack on the DNS ? Valdis . Kletnieks (Mar 31)
- <Possible follow-ups>
- Re: Attack on the DNS ? Stephane Bortzmeyer (Mar 31)