Attack on the DNS ?

Lamar Owen lowen at pari.edu
Sat Mar 31 22:03:15 UTC 2012


On Saturday, March 31, 2012 04:28:17 PM sthaug at nethelp.no wrote:
> ANY queries for isc.org and ripe.net are popular (ietf.org has also been
> seen), since they give a potentially large amplification factor.

FWIW, saw ANY queries at a rate of 10 per second from one IP to a DNS server today, all for isc.org.  Saw a few hundred more for tmss.trendmicro.com from a different IP. Other popular names include plus.google.com, maps.google.com, and play.google.com. (all denied by that particular server, which is patched against such).

Anyone know if there's a project to track popular amplification names?  :-)




More information about the NANOG mailing list