[dns-operations] Know anybody at McAfee/Intel Cloud DNS team?

David opendak at shaw.ca
Wed Jan 18 03:13:00 UTC 2017


On 2017-01-17 7:37 PM, Manos Antonakakis wrote:
> On Tue, Jan 17, 2017 at 9:30 PM, Robert Edmonds <edmonds at mycre.ws> wrote:
>> That's no ordinary load balancer. Those are tunneled database lookups!
>> (My favorite obfuscation is hex-encoding IPv4 addresses into the QNAME.)
>
> Yup. Robert is correct. More details around this (abusive?) phenomenon here:
>
> http://www.cc.gatech.edu/~ynadji3/docs/pubs/dnsnoise-dsn2014.pdf
>
> Manos

SonicWALL (webcfs00.com) is pretty bad at this too. Their "noise"
accounts for about 10-15% of our servfail-producing queries.



