[151858] in North American Network Operators' Group
Re: Attack on the DNS ?
daemon@ATHENA.MIT.EDU (Rubens Kuhl)
Sun Apr 1 07:57:29 2012
In-Reply-To: <1E6E6FF1-098B-4CAF-81AF-74C2D49A6A9C@gmail.com>
Date: Sun, 1 Apr 2012 08:56:51 -0300
From: Rubens Kuhl <rubensk@gmail.com>
To: Greg Ihnen <os10rules@gmail.com>
Cc: Nanog <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Sat, Mar 31, 2012 at 10:09 PM, Greg Ihnen <os10rules@gmail.com> wrote:
> I manage a tiny network in the Amazon, a satellite internet connection and decent sized wireless network.
> Is DNS traffic being directed to bogus servers? Are the real servers being overloaded? Am I seeing the results of some kind of DDOS mitigation technique?
If you are using broadband connection from the brazilian incumbent
operator (Oi), you might indeed being redirected to bogus servers.
They are very fond of "monetizing" techniques with their user base,
using either DNS or all the traffic for that matter (Phorm).
Rubens
