[dns-operations] New subscribers

John Kristoff jtk at cymru.com
Fri Jan 7 22:06:49 UTC 2011


On Thu, 06 Jan 2011 12:32:39 -0700
Jeff Taylor <shdwdrgn at sourpuss.net> wrote:

> Another member of the project recommended I join this mailing list
> due to quite a number of DNS attacks via my servers since this summer -
> initially spoofing IPs within my local subnet, but most recently
> they're just hammering my server directly with "isc.org ANY"
> queries. If this topic is suitable for this group, let me know and
> I'll open up a new thread with details.

A while back I had seen this:

  2010-03-28T10:19:27+00:00
  saddr: 24.138.162.251 (ASN 23184 / PERSONA COMMUNICATIONS INC / CA)
  sport: 51095
  query: IN ANY isc.org
  flags: rd, edns, dnssec ok

I had asked the isc.org folks at the time and Paul stated it wasn't
them.  Never followed up to find out what it was.  Compare to what you
saw.

In November and December of last year I saw some widespread isc.org TXT
queries coming from 217.79.190.53 if that is of interest to anyone.

John


