[dns-operations] New subscribers
John Kristoff
jtk at cymru.com
Fri Jan 7 22:06:49 UTC 2011
On Thu, 06 Jan 2011 12:32:39 -0700
Jeff Taylor <shdwdrgn at sourpuss.net> wrote:
> Another member of the project recommended I join this mailing list
> due quite a number of DNS attacks via my servers since this Summer -
> initially spoofing IP's within my local subnet, but most recently
> they're just hammering my server directly with "isc.org ANY"
> queries. If this topic is suitable for this group, let me know and
> I'll open up a new thread with details.
Awhile back I had seen this:
2010-03-28T10:19:27+00:00
saddr: 24.138.162.251 (ASN 23184 / PERSONA COMMUNICATIONS INC / CA)
sport: 51095
query: IN ANY isc.org
flags: rd, edns, dnssec ok
I had asked the isc.org folks at the time and Paul stated it wasn't
them. Never followed up to find out what it was. Compare to what you
saw.
In November and December of last year I saw some widespread isc.org TXT
queries coming from 217.79.190.53 if that is of interest to anyone.
John
More information about the dns-operations
mailing list