[169237] in North American Network Operators' Group

Re: random dns queries with random sources

daemon@ATHENA.MIT.EDU (sthaug@nethelp.no)
Wed Feb 19 04:27:06 2014

Date: Wed, 19 Feb 2014 10:26:23 +0100 (CET)
To: jmaimon@ttec.com
From: sthaug@nethelp.no
In-Reply-To: <53044F16.9020708@ttec.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

> It has been ongoing for a week or so (but not constant). The domain 
> names have a pattern but are comprised of components that appear to be 
> randomly generated. The source IP addresses for the queries appear to be 
> non duplicated and randomly generated.
> 
> query logs are available for unicasting to the interested.
> 
> Has nobody else seen this?

We've seen it. It is pretty clearly an attack against authoritative
name servers for various domains, using open recursors or proxies to
reflect the queries.

Steinar Haug, AS 2116
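
Added example (not part of the original message and not from its author): a minimal check for the pattern described in this thread, where queries for one zone almost never repeat a name or a source address. The `source_ip qname` log format, the thresholds and the two-label zone cut are assumptions; the sample lines are constructed.

```python
from collections import defaultdict

# Constructed sample: "source_ip qname" pairs, not real log data.
SAMPLE_LOG = """\
192.0.2.17 kqzxw.www.example.com
198.51.100.4 pbmrt.www.example.com
203.0.113.91 zzhqa.www.example.com
192.0.2.200 wnvce.www.example.com
198.51.100.77 qlrdu.www.example.com
203.0.113.5 hxjmo.www.example.com
192.0.2.63 tyfgb.www.example.com
198.51.100.140 acnse.www.example.com
192.0.2.10 www.example.net
192.0.2.10 mail.example.net
192.0.2.11 www.example.net
192.0.2.10 www.example.net
192.0.2.11 www.example.net
192.0.2.12 mail.example.net
192.0.2.10 www.example.net
192.0.2.11 mail.example.net
"""

def parent_zone(qname, labels=2):
    """Assumption: the zone is the last `labels` labels (no public-suffix handling)."""
    return ".".join(qname.rstrip(".").lower().split(".")[-labels:])

def zone_stats(log_text):
    """Count queries, distinct names and distinct sources per zone."""
    per_zone = defaultdict(lambda: {"queries": 0, "names": set(), "sources": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip malformed lines
        src, qname = parts
        z = per_zone[parent_zone(qname)]
        z["queries"] += 1
        z["names"].add(qname.lower().rstrip("."))
        z["sources"].add(src)
    return per_zone

def suspicious_zones(log_text, min_queries=5, ratio=0.9):
    """Flag zones where almost every query has a new name and a new source."""
    flagged = []
    for zone, s in sorted(zone_stats(log_text).items()):
        if s["queries"] < min_queries:
            continue
        name_ratio = len(s["names"]) / s["queries"]
        src_ratio = len(s["sources"]) / s["queries"]
        if name_ratio >= ratio and src_ratio >= ratio:
            flagged.append((zone, s["queries"], round(name_ratio, 2), round(src_ratio, 2)))
    return flagged
```

On the constructed sample, only `example.com` is flagged; `example.net` repeats both names and sources and stays below the thresholds.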

