DNS Amplification attack?

• Previous message (by thread): DNS Amplification attack?
• Next message (by thread): DNS Amplification attack?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Wil Schultz wrote:
> Anyone else noticing "." requests coming in to your DNS servers?
> 
> http://isc.sans.org/diary.html?storyid=5713
> 
> I'm seeing them coming from the following addresses in my ns server logs.
> 
> 69.50.142.110
> 69.50.142.11
> 76.9.16.171
> 66.230.128.15
> 66.230.160.1

We're also seeing a great number of these, but the idiots spoofing the
queries are hitting several non-recursive nameservers we host - and only
generating 59-byte "REFUSED" replies.

Looks like they probably just grabbed a bunch of DNS hosts out of WHOIS
and hoped that they were recursive resolvers.

-- 
Kameron Gasso | Senior Systems Administrator | visp.net
Direct: 541-955-6903 | Fax: 541-471-0821

• Previous message (by thread): DNS Amplification attack?
• Next message (by thread): DNS Amplification attack?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]