[dns-operations] traffic jam

Roland Dobbins rdobbins at arbor.net
Mon Apr 27 05:30:57 UTC 2015


On 27 Apr 2015, at 12:13, Randy Bush wrote:

> nominum?  msoft?  so it is backscatter from doses toward them?

Well, if your server is an open recursor through misconfiguration 
(unlikely, I know) or some miscreant fatfingered a list, then maybe.  
Attackers tend to use lots of recursives in reflection/amplification 
attacks with limited numbers of queries for each one, and once you're on 
the list of open recursives, you still get pummeled every so often even 
after remediation/even if you weren't recursive in the first place.

-----------------------------------
Roland Dobbins <rdobbins at arbor.net>


