[dns-operations] DNS ANY record queries - Reflection Attacks

Robert Schwartz smellyspice at gmail.com
Tue Sep 11 03:52:34 UTC 2012


Hi All,

We run a bunch of authoritative servers and have recently observed activity
best described in a post we found here:
https://isc.sans.edu/diary/DNS+ANY+Request+Cannon+-+Need+More+Packets/13261

Using the iptables rules posted as a comment by Network Mouse (in the above
post), we've been able to reduce the amount of junk being sent to the
target host. Most of the target hosts seem to be in Asia, just like those
mentioned in the Sans post.

The question I have for you all is: Is this something affecting other
operators? How have you been dealing with it?

Thanks in advance for your feedback.

-Rob
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dns-oarc.net/pipermail/dns-operations/attachments/20120910/d247110a/attachment.html>


More information about the dns-operations mailing list