[dns-operations] MX record scanning

Simon Munton Simon.Munton at communitydns.net
Tue May 10 10:19:59 UTC 2011

On 10/05/2011 00:56, Igor Sviridov wrote:
> So far we were not able to confirm if source addresses were indeed
> faked (and it's a DNS amplification attack against spammers, a weak
> one at that), or, reverse, it's a SPAM botnet gathering list of valid
> domains via brute-force; second option does appear more likely.

I've given this some thought - if it was an amplification attack, then 
they would have been more effective to hit domains that exist - NXDOMAIN 
replies give very little amplification.

On the other hand, the very wide spread of source IP suggests its not 
just simple spammer mailings.

very odd!

More information about the dns-operations mailing list