really nasty attacks
bortzmeyer at nic.fr
Thu Sep 27 18:26:04 UTC 2012
On Thu, Sep 27, 2012 at 12:12:50PM -0400,
Patrick W. Gilmore <patrick at ianai.net> wrote
a message of 32 lines which said:
> I do not know of any name servers that reply to queries with UDP
> packets filled with only the letter X. The DNS Headers alone
> require more than the letter "X".
Yes, you're right but I'm not sure we should take the original report
too litterally. May be he meant there were a lot of X in the packets
(and he missed the headers), which is consistent with DNS "large TXT"
attacks such as the one described in
<http://technet.microsoft.com/en-us/security/hh972393.aspx> (where the
attacker filled with consecutive numbers, not X).
Anyway, without the actual pcap file, it is only speculation.
More information about the NANOG