really nasty attacks

Stephane Bortzmeyer bortzmeyer at nic.fr
Thu Sep 27 18:26:04 UTC 2012


On Thu, Sep 27, 2012 at 12:12:50PM -0400,
 Patrick W. Gilmore <patrick at ianai.net> wrote 
 a message of 32 lines which said:

> I do not know of any name servers that reply to queries with UDP
> packets filled with only the letter X.  The DNS Headers alone
> require more than the letter "X".

Yes, you're right but I'm not sure we should take the original report
too literally. Maybe he meant there were a lot of X in the packets
(and he missed the headers), which is consistent with DNS "large TXT"
attacks such as the one described in
<http://technet.microsoft.com/en-us/security/hh972393.aspx> (where the
attacker filled with consecutive numbers, not X).

Anyway, without the actual pcap file, it is only speculation.



