DOS attack against DNS?
Jeroen Massar
jeroen at unfix.org
Sun Jan 15 16:00:19 UTC 2006
Mark Andrews wrote:
> In article <43C9EF72.50803 at garlic.com> you write:
>> I just started seeing thousands of DNS queries that look like some sort
>> of DOS attack. One log entry is below with the IP obscured.
>>
>> client xx.xx.xx.xx#6704: query: z.tn.co.za ANY ANY +E
>>
>> When you look at z.tn.co.za you see a huge TXT record.
>>
>> Is anyone else seeing this attack or am I the lucky one? Is this a
>> known attack?
>>
>> Roy
>
> You are being used as a DoS amplifier. The queries will be
> spoofed. Someone needs to learn about BCP 38.
Next to not running a $world recursive/caching service ;)
Which is where the OP can actually do something about this problem.
Folks who don't do ingress filtering will not be bothered to get it
going unfortunately...
Greets,
Jeroen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 238 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20060115/99c6a3d9/attachment.sig>
More information about the NANOG
mailing list