[169223] in North American Network Operators' Group


Re: random dns queries with random sources

daemon@ATHENA.MIT.EDU (Joe Maimon)
Wed Feb 19 00:48:47 2014

Date: Wed, 19 Feb 2014 00:48:20 -0500
From: Joe Maimon <jmaimon@ttec.com>
To: George Herbert <george.herbert@gmail.com>,
 "Dobbins, Roland" <rdobbins@arbor.net>
In-Reply-To: <CAK__KztwDR0U1gWFhQhRdX=Dn49jeUrFpJUf0Z0JTVNYonSViA@mail.gmail.com>
Cc: North American Networking and Offtopic Gripes List <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org



George Herbert wrote:
> Right.  Nonzero chances that you (Joe's site) are the target...
>
> Also, check if you have egress filtering of spoofed addresses below these
> DNS resources, between them and any user objects.  You could be sourcing
> the spoofing if not...

It seems to me that the same|similar dataset of open resolvers to be 
used for amplification attacks is also being used for this sort of 
thing, and the overall effect is not large enough to indicate my 
resources are a target.

What I can't figure out is what is the target and how this attack method 
is any more effective than the others.

Joe

