[dns-operations] new reflection attack

Roy Arends roy at dnss.ec
Thu Oct 11 09:38:15 UTC 2012

On Oct 11, 2012, at 10:31 AM, Simon Munton wrote:

> From 2am (UTC) this morning we've been getting a reflection attack hitting mostly our node in LU, and a little on the one in RIPE.
> Its very easy to spot, its an ANY query for "." (ROOT), and has EDNS0 packet size declared is 9000
> Currently its below background noise, but be interested to know if others are seeing it.
> http://stats.cdns.net/public/
> They are hitting pretty much all the IPs we use for hosting ccTLDs, so we wondered if they were simply going round & round the IPs in the ROOT zone.

Are you hosting the root zone?


More information about the dns-operations mailing list