Home page logo

nanog logo nanog mailing list archives

Re: DOS attack against DNS?
From: Jeroen Massar <jeroen () unfix org>
Date: Sun, 15 Jan 2006 17:00:19 +0100

Mark Andrews wrote:
In article <43C9EF72.50803 () garlic com> you write:
I just started seeing thousands of DNS queries that look like some sort 
of DOS attack.  One log entry is below with the IP obscured.

client xx.xx.xx.xx#6704: query: z.tn.co.za ANY ANY +E

When you look at z.tn.co.za you see a huge TXT record.

Is anyone else seeing this attack or am I the lucky one?  Is this a 
known attack?


      You are being used as a DoS amplifier.  The queries will be
      spoofed.  Someone needs to learn about BCP 38.

Next to not running a $world recursive/caching service ;)
Which is where the OP can actually do something about this problem.
Folks who don't do ingress filtering will not be bothered to get it
going unfortunately...


Attachment: signature.asc
Description: OpenPGP digital signature

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]