[dns-operations] "NS .", the attack of the month?
Jelte Jansen
jelte at NLnetLabs.nl
Sun Jan 25 00:10:07 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jelte Jansen wrote:
> Stephane Bortzmeyer wrote:
>> At least dnscap is great to watch it:
> ~> sudo tcpdump port 53 -w - | ldns-dpa -f 'qtype=NS&qr=0' -sf | grep From:
err, it's getting late, that of course does not filter on '.' queries.
The next version will have a qname filter function, available in the development
version as of three minutes ago;
~> time sudo tcpdump port 53 -w - | ldns-dpa -f 'qname=.&qtype=NS&qr=0' -sf |
grep From:
I also see some other addresses (so far i've counted 4), but the 206 one is by
far most frequent.
Jelte
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkl7rd8ACgkQ4nZCKsdOncVTlgCeK4c7eikBsvQvg++6/LsRShaF
8X8AnirohH1z+8blRHQSo5BmlBjDFah6
=mhWq
-----END PGP SIGNATURE-----
More information about the dns-operations
mailing list