[165856] in North American Network Operators' Group
Re: d6991.com traffic
daemon@ATHENA.MIT.EDU (Dobbins, Roland)
Mon Sep 23 13:25:16 2013
From: "Dobbins, Roland" <rdobbins@arbor.net>
To: NANOG list <nanog@nanog.org>
Date: Mon, 23 Sep 2013 17:25:02 +0000
In-Reply-To: <52407643.9080306@gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Sep 24, 2013, at 12:11 AM, Chris Hunt wrote:
> That is a problem, but I'm seeing a lot of queries from residential users=
for what seems to me an obscure name hostied in Asia. I'm
> guessing some kind of bot traffic...
They may be open recursors being leveraged for DNS reflection/amplification=
DDoS (many CPE devices are broken this way). Check some of the CPEs to se=
e if they're open recursors:
<http://openresolverproject.org/>
-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
Luck is the residue of opportunity and design.
-- John Milton
