[dns-operations] "NS .", the attack of the month?

Jelte Jansen jelte at NLnetLabs.nl
Sun Jan 25 00:10:07 UTC 2009



Jelte Jansen wrote:
> Stephane Bortzmeyer wrote:
>> At least dnscap is great to watch it:
> ~> sudo tcpdump port 53 -w - | ldns-dpa -f 'qtype=NS&qr=0' -sf | grep From:

err, it's getting late, that of course does not filter on '.' queries.

The next version will have a qname filter function, available in the development
version as of three minutes ago;

~> time sudo tcpdump port 53 -w - | ldns-dpa -f 'qname=.&qtype=NS&qr=0' -sf | grep From:

I also see some other addresses (so far I've counted 4), but the 206 one is by
far the most frequent.

Jelte
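Added example, not part of the original message and not ldns-dpa's own code: a Python sketch of the match that the filter `qname=.&qtype=NS&qr=0` expresses, applied to raw DNS payloads and tallied per source address. The function names, the sample packets and the documentation-range addresses are constructed for illustration.

```python
import struct
from collections import Counter

QTYPE_NS = 2  # RFC 1035 type code for NS

def parse_question(payload):
    """Return (qr, qname, qtype) of the first question, or None if malformed."""
    if len(payload) < 12:                       # fixed DNS header is 12 bytes
        return None
    _id, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if qdcount < 1:
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            return None
        length = payload[pos]
        pos += 1
        if length == 0:                         # root label ends the name
            break
        if length > 63 or pos + length > len(payload):
            return None   # compression pointer or overrun: treated as malformed here
        labels.append(payload[pos:pos + length].decode("ascii", "replace").lower())
        pos += length
    if pos + 4 > len(payload):
        return None
    qtype, _qclass = struct.unpack("!HH", payload[pos:pos + 4])
    return flags >> 15, ".".join(labels) + ".", qtype

def root_ns_query_sources(packets):
    """Count queries (qr=0) for qname '.' and qtype NS per source address."""
    hits = Counter(src for src, payload in packets
                   if parse_question(payload) == (0, ".", QTYPE_NS))
    return hits.most_common()

def build_query(qname, qtype, qr=0):
    """Build a constructed one-question message (class IN) for the sample."""
    name = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".") if l)
    header = struct.pack("!HHHHHH", 0x1234, qr << 15, 1, 0, 0, 0)
    return header + name + b"\x00" + struct.pack("!HH", qtype, 1)

# Constructed sample: (source address, UDP payload); documentation addresses.
SAMPLE = [("192.0.2.10", build_query(".", QTYPE_NS))] * 3 + [
    ("198.51.100.7", build_query(".", QTYPE_NS)),
    ("203.0.113.5", build_query("example.com.", QTYPE_NS)),  # NS, but not root
    ("203.0.113.5", build_query(".", 1)),                    # root, but type A
    ("203.0.113.9", build_query(".", QTYPE_NS, qr=1)),       # response, not query
    ("203.0.113.9", b"\x00\x01"),                            # truncated payload
]

if __name__ == "__main__":
    for src, count in root_ns_query_sources(SAMPLE):
        print(f"{count:4d}  {src}")
```
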


