[dns-operations] nameservers being attacked
rubensk at nic.br
Tue Nov 26 09:22:47 UTC 2013
On 26/11/2013, at 00:22, Mark Andrews <marka at isc.org> wrote:
> In message <5293FA31.9030204 at dnsbed.com>, Dnsbed Ops writes:
>> My nameservers currently have been meeting the attacks.
>> All these queries are against one special domain, from seemingly fake IPs.
>> And those eat up the bandwidth quickly since I run the nameservers with
>> hosting servers.
>> Can you help? Thanks in advance.
> The logs actually look like the queries are from recursive servers
> following normal recursion looking at the mixture of flags and that
> they are directed at an official server for the zone.
> ns6.cloudwebdns.com. 3600 IN A 188.8.131.52
> ns6.cloudwebdns.com. 3600 IN A 184.108.40.206
> I suspect something is trying to detect whether there is nxdomain
> redirection occurring by prepending a random string to www.byw.so.
Which follows the known Chromium (main Google Chrome component) pattern of a few random 10-character requests for every search query to make such detection.
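
A triage sketch for the pattern discussed in this thread, added here as an example and not part of the original messages: it counts the queries that prepend a single label to www.byw.so, how many of those labels are distinct, how long they are, and how many sources sent them. The input tuples, addresses and labels are constructed, and the function names are hypothetical.

```python
from collections import Counter

BASE = "www.byw.so."  # name mentioned in the thread


def prefix_label(qname, base=BASE):
    """Return the single label prepended to `base`, or None if there is none."""
    q = qname.lower().rstrip(".") + "."      # DNS names compare case-insensitively
    if not q.endswith("." + base):
        return None
    prefix = q[: -(len(base) + 1)]
    # Only a single prepended label counts; deeper names are ignored here.
    return prefix if prefix and "." not in prefix else None


def summarize(queries, base=BASE):
    """queries: iterable of (source_ip, qname) pairs taken from a query log."""
    queries = list(queries)
    hits = [(src, prefix_label(q, base)) for src, q in queries]
    hits = [(src, label) for src, label in hits if label is not None]
    labels = [label for _, label in hits]
    return {
        "total": len(queries),
        "prefixed": len(hits),
        "unique_labels": len(set(labels)),
        # Close to 1.0 means almost every name is new, so resolver caches
        # cannot answer them and each query reaches the authoritative server.
        "unique_ratio": len(set(labels)) / len(labels) if labels else 0.0,
        "label_lengths": Counter(len(label) for label in labels),
        "sources": len({src for src, _ in hits}),
    }


# Constructed sample input (documentation address ranges, made-up labels).
SAMPLE = [
    ("192.0.2.10", "qzxkvbtrwm.www.byw.so."),
    ("192.0.2.10", "hdpfyaleun.www.byw.so."),
    ("198.51.100.7", "mmwqocjzre.www.byw.so."),
    ("198.51.100.7", "www.byw.so."),
    ("203.0.113.5", "TkAbXoPlQe.WWW.BYW.SO"),
    ("203.0.113.5", "mail.example.net."),
    ("192.0.2.10", "qzxkvbtrwm.www.byw.so."),
]

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

A label-length histogram concentrated on 10 characters, spread over many recursive resolvers, matches the probe pattern described in the reply above.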