[dns-operations] Netgear time-g.netgear.com + time-f.netgear.com - flooding....
sthaug at nethelp.no
sthaug at nethelp.no
Thu Nov 5 14:51:38 UTC 2020
> <many more, see attached log>
> 14:23:58.147601 IP customer.32769 > 212.60.63.246.53: 17710+ A? time-g.netgear.com. (36)
> 14:23:58.147603 IP customer.32769 > 212.60.61.246.53: 17710+ A? time-g.netgear.com. (36)
> 14:23:58.147613 IP customer.32769 > 212.60.63.246.53: 17710+ A? time-g.netgear.com. (36)
> 14:23:58.147613 IP customer.32769 > 212.60.61.246.53: 17710+ A? time-g.netgear.com. (36)
> 14:23:58.147616 IP customer.32769 > 212.60.63.246.53: 17710+ A? time-g.netgear.com. (36)
> 14:23:58.147617 IP customer.32769 > 212.60.61.246.53: 17710+ A? time-g.netgear.com. (36)
> 14:23:58.147618 IP customer.32769 > 212.60.63.246.53: 17710+ A? time-g.netgear.com. (36)
> <many more>
...
> * Has anybody seen similar situations in their recursives? (and what could you do about it)
We've seen it many times. Haven't normally followed up with customer
(not enough of a problem to be worth while).
> * Is this a on-device (netgear) issue or is this part of some kind of DoS attempt?
For us it looks like a Netgear issue, not an organized DoS attempt.
Steinar Haug, AS2116
More information about the dns-operations
mailing list