Home page logo

nanog logo nanog mailing list archives

Re: DNS Amplification attack?
From: Kameron Gasso <kgasso-lists () visp net>
Date: Tue, 20 Jan 2009 18:16:45 -0800

Wil Schultz wrote:
Anyone else noticing "." requests coming in to your DNS servers?


I'm seeing them coming from the following addresses in my ns server logs.

We're also seeing a great number of these, but the idiots spoofing the
queries are hitting several non-recursive nameservers we host - and only
generating 59-byte "REFUSED" replies.

Looks like they probably just grabbed a bunch of DNS hosts out of WHOIS
and hoped that they were recursive resolvers.

Kameron Gasso | Senior Systems Administrator | visp.net
Direct: 541-955-6903 | Fax: 541-471-0821

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]