[dns-operations] annoying DDoS attack on ns0.rfc1035.com

Zuleger, Holger, Vodafone Germany holger.zuleger at vodafone.com
Mon Jun 11 08:05:59 UTC 2012

> > What I don't understand is that the source adresses are mostly out
> > of dynamic address pools from broadband ISP around the world.
> > So the victims are residentinal users?
> No, most likely the residential users have CPEs with DNS proxies which
> are open to queries from the WAN side. Thus the attack is typically:
> spoofed source -> CPE -> name server -> CPE -> DoS of spooofed source
Oh, thanks. That's the missing link. 

More information about the dns-operations mailing list