North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: DOS attack against DNS?
- From: Jeroen Massar
- Date: Sun Jan 15 11:03:40 2006
- Openpgp: id=333E7C23;url=http://unfix.org/~jeroen/jeroen-unfix.org-pgpkey
Mark Andrews wrote:
> In article <43C9EF72.email@example.com> you write:
>> I just started seeing thousands of DNS queries that look like some sort
>> of DOS attack. One log entry is below with the IP obscured.
>> client xx.xx.xx.xx#6704: query: z.tn.co.za ANY ANY +E
>> When you look at z.tn.co.za you see a huge TXT record.
>> Is anyone else seeing this attack or am I the lucky one? Is this a
>> known attack?
> You are being used as a DoS amplifier. The queries will be
> spoofed. Someone needs to learn about BCP 38.
Next to not running a $world recursive/caching service ;)
Which is where the OP can actually do something about this problem.
Folks who don't do ingress filtering will not be bothered to get it
Description: OpenPGP digital signature