Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: DOS attack against DNS?

  • From: Jeroen Massar
  • Date: Sun Jan 15 11:03:40 2006
  • Openpgp: id=333E7C23;url=http://unfix.org/~jeroen/jeroen-unfix.org-pgpkey

Mark Andrews wrote:
> In article <43C9EF72.50803@garlic.com> you write:
>> I just started seeing thousands of DNS queries that look like some sort 
>> of DOS attack.  One log entry is below with the IP obscured.
>>
>> client xx.xx.xx.xx#6704: query: z.tn.co.za ANY ANY +E
>>
>> When you look at z.tn.co.za you see a huge TXT record.
>>
>> Is anyone else seeing this attack or am I the lucky one?  Is this a 
>> known attack?
>>
>> Roy
> 
> 	You are being used as a DoS amplifier.  The queries will be
> 	spoofed.  Someone needs to learn about BCP 38.

Next to not running a $world recursive/caching service ;)
Which is where the OP can actually do something about this problem.
Folks who don't do ingress filtering will not be bothered to get it
going unfortunately...

Greets,
 Jeroen

Attachment: signature.asc
Description: OpenPGP digital signature




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.