DOS attack against DNS?

Jeroen Massar jeroen at unfix.org
Sun Jan 15 16:00:19 UTC 2006


Mark Andrews wrote:
> In article <43C9EF72.50803 at garlic.com> you write:
>> I just started seeing thousands of DNS queries that look like some sort 
>> of DOS attack.  One log entry is below with the IP obscured.
>>
>> client xx.xx.xx.xx#6704: query: z.tn.co.za ANY ANY +E
>>
>> When you look at z.tn.co.za you see a huge TXT record.
>>
>> Is anyone else seeing this attack or am I the lucky one?  Is this a 
>> known attack?
>>
>> Roy
> 
> 	You are being used as a DoS amplifier.  The queries will be
> 	spoofed.  Someone needs to learn about BCP 38.

Next to not running a $world recursive/caching service ;)
Which is where the OP can actually do something about this problem.
Folks who don't do ingress filtering will not be bothered to get it
going unfortunately...

Greets,
 Jeroen

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 238 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20060115/99c6a3d9/attachment.sig>


More information about the NANOG mailing list