[dns-operations] MX record scanning
Simon Munton
Simon.Munton at communitydns.net
Tue May 10 10:19:59 UTC 2011
On 10/05/2011 00:56, Igor Sviridov wrote:
> So far we were not able to confirm if source addresses were indeed
> faked (and it's a DNS amplification attack against spammers, a weak
> one at that), or, reverse, it's a SPAM botnet gathering list of valid
> domains via brute-force; second option does appear more likely.
I've given this some thought - if it was an amplification attack, then
they would have been more effective to hit domains that exist - NXDOMAIN
replies give very little amplification.
On the other hand, the very wide spread of source IP suggests its not
just simple spammer mailings.
very odd!
More information about the dns-operations
mailing list