[dns-operations] Botnets, botnets everywhere

Roland Dobbins rdobbins at arbor.net
Thu Sep 11 13:07:38 UTC 2014


On Sep 11, 2014, at 8:42 PM, Peter Andreev <andreev.peter at gmail.com> wrote:

> One of those SLDs is an online-shop, another is online-casino, so I concluded that our
> resolver is being used to bombard NSes of corresponding SLDs with queries.

Also, in some cases, we've seen this activity constitute a
reflection/amplification attack against the recursive DNS
infrastructure of broadband and IDC operators who're using public open
recursors as their external resolvers.  So, looking at the purported
querier addresses might provide some insight into which scenario
applies in any given instance.

-----------------------------------
Roland Dobbins <rdobbins at arbor.net>



More information about the dns-operations mailing list