[dns-operations] DNS ANY record queries - Reflection Attacks
lampe at hauke-lampe.de
Tue Sep 11 11:51:36 UTC 2012
On 11.09.2012 05:52, Robert Schwartz wrote:
> The question I have for you all is: Is this something affecting other
> operators? How have you been dealing with it?
The largest attack came in at >20k queries/second at one of our
authoritative servers and frequently crashed the Realtek NIC and/or driver.
For the last weeks, I see a constant rate of about 6-7k qps, all ANY
queries to a single domain. The NIC driver still logs a few errors but
the server didn't crash again so far.
For now, iptables rate filtering keeps the bulk of it away from the NS,
though I start to see new patterns, e.g. querying non-existend TLDs.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 259 bytes
Desc: OpenPGP digital signature
More information about the dns-operations