[dns-operations] "NS .", the attack of the month?
bortzmeyer at nic.fr
Sat Jan 24 22:05:40 UTC 2009
It is still trendy, apparently. As I watch one recursive name server
(but I see nothing on many others), I see a 2-3 p/s "NS ." queries
claiming to come from 220.127.116.11 and even from 18.104.22.168
Still no perfect solution for it?
At least dnscap is great to watch it:
sudo dnscap -i eth0 -w isprime-attack -g -s i -x '^\.$'
Any way with dnscap to restrict the QTYPE of the query?
More information about the dns-operations