[dns-operations] DNS ANY record queries - Reflection Attacks

Hauke Lampe lampe at hauke-lampe.de
Tue Sep 11 11:51:36 UTC 2012


On 11.09.2012 05:52, Robert Schwartz wrote:

> The question I have for you all is: Is this something affecting other
> operators? How have you been dealing with it?

The largest attack came in at >20k queries/second at one of our
authoritative servers and frequently crashed the Realtek NIC and/or driver.

For the last weeks, I see a constant rate of about 6-7k qps, all ANY
queries to a single domain. The NIC driver still logs a few errors but
the server didn't crash again so far.

For now, iptables rate filtering keeps the bulk of it away from the NS,
though I start to see new patterns, e.g. querying non-existend TLDs.


Hauke.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 259 bytes
Desc: OpenPGP digital signature
URL: <http://lists.dns-oarc.net/pipermail/dns-operations/attachments/20120911/8d31de86/attachment.sig>


More information about the dns-operations mailing list