[169214] in North American Network Operators' Group
Re: random dns queries with random sources
daemon@ATHENA.MIT.EDU (Christopher Morrow)
Tue Feb 18 22:58:51 2014
In-Reply-To: <CAL9jLaa8JrikK=413YJy_kSkamiiGACr-ToG_=7_NGthqYOgUw@mail.gmail.com>
Date: Tue, 18 Feb 2014 22:48:18 -0500
From: Christopher Morrow <morrowc.lists@gmail.com>
To: "Dobbins, Roland" <rdobbins@arbor.net>
Cc: North American Networking and Offtopic Gripes List <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Tue, Feb 18, 2014 at 10:47 PM, Christopher Morrow
<morrowc.lists@gmail.com> wrote:
> On Tue, Feb 18, 2014 at 10:44 PM, Dobbins, Roland <rdobbins@arbor.net> wrote:
>>
>> On Feb 19, 2014, at 10:08 AM, Joe Maimon <jmaimon@ttec.com> wrote:
>>
>>> What is the purpose of this?
>>
>> Resource-exhaustion attack against the recursive DNS?
>
> so... i could be nuts, but in the example joe clipped, the resolved
> hosts are either:
> 66.199.132.5
> 66.199.132.7
> or
> 216.222.148.103
>
> these are from 2 different PI blocks, but the same named end-user: chl.net.
>
> maybe someone's upset with CHL, whomever that may be.
apologies. both chl.net and chl.com ... which appear to be parts of
ttec ... which is joe.
