[80801] in North American Network Operators' Group


Re: Malicious DNS request?

daemon@ATHENA.MIT.EDU (Brad Knowles)
Thu May 12 11:14:44 2005

In-Reply-To: <428316A8.1090503@linuxbox.org>
Date: Thu, 12 May 2005 16:43:07 +0200
To: Gadi Evron <ge@linuxbox.org>
From: Brad Knowles <brad@stop.mail-abuse.org>
Cc: Joe Shen <joe_hznm@yahoo.com.sg>, NANGO <nanog@merit.edu>
Errors-To: owner-nanog@merit.edu


At 12:41 PM +0400 2005-05-12, Gadi Evron quoted Joe Shen:

>>  How could such request be filtered or minimize its
>>  affaction on DNS server?
>
>  Either this is a DDoS (woohoo!! I used the forbidden word) or you are
>  seeing a botnet trying to connect and putting in some smoke-screen while
>  at it to try and poison dns-top.
>
>  I'd suggest dropping requests for domains you don't hold.

	That's kind of hard to do if you're running a recursive/caching nameserver.

-- 
Brad Knowles, <brad@stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

   SAGE member since 1995.  See <http://www.sage.org/> for more info.
