mailing list archives
Re: DOS attack against DNS?
From: Jeroen Massar <jeroen () unfix org>
Date: Sun, 15 Jan 2006 17:00:19 +0100
Mark Andrews wrote:
In article <43C9EF72.50803 () garlic com> you write:
I just started seeing thousands of DNS queries that look like some sort
of DOS attack. One log entry is below with the IP obscured.
client xx.xx.xx.xx#6704: query: z.tn.co.za ANY ANY +E
When you look at z.tn.co.za you see a huge TXT record.
Is anyone else seeing this attack or am I the lucky one? Is this a
You are being used as a DoS amplifier. The queries will be
spoofed. Someone needs to learn about BCP 38.
Next to not running a $world recursive/caching service ;)
Which is where the OP can actually do something about this problem.
Folks who don't do ingress filtering will not be bothered to get it
Description: OpenPGP digital signature
Re: DOS attack against DNS? Paul Vixie (Jan 15)