[dns-operations] MX record scanning
Simon.Munton at communitydns.net
Tue May 10 10:19:59 UTC 2011
On 10/05/2011 00:56, Igor Sviridov wrote:
> So far we were not able to confirm if source addresses were indeed
> faked (and it's a DNS amplification attack against spammers, a weak
> one at that), or, reverse, it's a SPAM botnet gathering list of valid
> domains via brute-force; second option does appear more likely.
I've given this some thought - if it was an amplification attack, then
they would have been more effective to hit domains that exist - NXDOMAIN
replies give very little amplification.
On the other hand, the very wide spread of source IP suggests it's not
just simple spammer mailings.