[151841] in North American Network Operators' Group
Re: Attack on the DNS ?
daemon@ATHENA.MIT.EDU (Lamar Owen)
Sat Mar 31 18:04:14 2012
Date: Sat, 31 Mar 2012 18:03:15 -0400
From: Lamar Owen <lowen@pari.edu>
To: nanog@nanog.org
In-Reply-To: <20120331.222817.74728386.sthaug@nethelp.no>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Saturday, March 31, 2012 04:28:17 PM sthaug@nethelp.no wrote:
> ANY queries for isc.org and ripe.net are popular (ietf.org has also been
> seen), since they give a potentially large amplification factor.
FWIW, saw ANY queries at a rate of 10 per second from one IP to a DNS server today, all for isc.org. Saw a few hundred more for tmss.trendmicro.com from a different IP. Other popular names include plus.google.com, maps.google.com, and play.google.com. (All denied by that particular server, which is patched against such.)
Anyone know if there's a project to track popular amplification names? :-)
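
Added example, not part of the original message: one way a server operator could tally ANY queries per name and flag per-source rates like the 10 per second described above. The log line layout (BIND-style query logging), the thresholds, and all sample lines and addresses are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumed layout: "<date> <time> client <ip>#<port>: query: <name> IN <type> ..."
LINE_RE = re.compile(
    r"^(\S+ \S+) client (?:@\S+ )?([0-9A-Fa-f.:]+)#\d+(?: \([^)]*\))?: "
    r"query: (\S+) IN (\S+)")

def parse_line(line):
    """Return (timestamp, client_ip, qname, qtype), or None for other lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%d-%b-%Y %H:%M:%S.%f")
    return ts, m.group(2), m.group(3).rstrip(".").lower(), m.group(4).upper()

def any_query_report(lines, min_rate=5.0, min_count=10):
    """Count ANY queries per name; flag (client, name) pairs by sustained rate."""
    names = Counter()
    seen = defaultdict(list)  # (client, qname) -> list of timestamps
    for line in lines:
        rec = parse_line(line)
        if rec and rec[3] == "ANY":
            ts, client, qname, _ = rec
            names[qname] += 1
            seen[(client, qname)].append(ts)
    flagged = []
    for (client, qname), stamps in seen.items():
        # Floor the window at one second so a short burst is not over-rated.
        span = max((max(stamps) - min(stamps)).total_seconds(), 1.0)
        rate = len(stamps) / span
        if len(stamps) >= min_count and rate >= min_rate:
            flagged.append((client, qname, len(stamps), round(rate, 1)))
    return names, sorted(flagged, key=lambda f: -f[2])

def sample_log():
    """Constructed log lines using documentation addresses, not real traffic."""
    t0 = datetime(2012, 3, 31, 18, 0, 0)
    fmt = "{} client {}#{}: query: {} IN {} +E (198.51.100.53)"
    stamp = lambda t: t.strftime("%d-%b-%Y %H:%M:%S.") + f"{t.microsecond // 1000:03d}"
    out = [fmt.format(stamp(t0 + timedelta(milliseconds=100 * i)),
                      "192.0.2.10", 40000 + i, "isc.org", "ANY") for i in range(20)]
    out += [fmt.format(stamp(t0 + timedelta(seconds=30 * i)), "203.0.113.7",
                       50000 + i, "tmss.trendmicro.com", "ANY") for i in range(12)]
    out.append(fmt.format(stamp(t0), "198.51.100.20", 1234, "www.example.com", "A"))
    return out

if __name__ == "__main__":
    names, flagged = any_query_report(sample_log())
    print(names.most_common())
    print(flagged)
```

In a reflection attack the source address on these queries is normally spoofed, so a flagged client is more likely the intended victim than the sender; the per-name tally is the part that answers the "popular names" question.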