[dns-operations] annoying DDoS attack on ns0.rfc1035.com
Tony Finch
dot at dotat.at
Mon Jun 11 12:48:26 UTC 2012
Jim Reid <jim at rfc1035.com> wrote:
>
> I posted here to see if anyone else is experiencing this behaviour or can
> identify the root cause. DDoS attacks against "important" name servers are
> fairly common. Could the bad guys now be picking easier targets that may be
> more likely to fall over? And why pick on my name server which has never done
> anyone any harm?
We've been getting 1000-3000 queries per second for cam.ac.uk for at least
the last ten days or so. We have deployed DNSSEC so the responses are
fairly chunky 2KB fragmented UDP packets.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Portland: Variable 3 or 4, becoming northerly or northwesterly 4 or 5,
occasionally 6 in east. Slight or moderate. Occasional rain. Moderate or good,
occasionally poor.
More information about the dns-operations
mailing list