[87933] in North American Network Operators' Group
Re: DOS attack against DNS?
daemon@ATHENA.MIT.EDU (Mark Andrews)
Sun Jan 15 02:34:47 2006
Date: Sun, 15 Jan 2006 18:33:33 +1100 (EST)
From: Mark Andrews <Mark_Andrews@isc.org>
To: nanog@merit.edu, garlic@garlic.com
In-Reply-To: <43C9EF72.50803@garlic.com>
Cc:
Errors-To: owner-nanog@merit.edu
In article <43C9EF72.50803@garlic.com> you write:
>
>I just started seeing thousands of DNS queries that look like some sort
>of DOS attack. One log entry is below with the IP obscured.
>
>client xx.xx.xx.xx#6704: query: z.tn.co.za ANY ANY +E
>
>When you look at z.tn.co.za you see a huge TXT record.
>
>Is anyone else seeing this attack or am I the lucky one? Is this a
>known attack?
>
>Roy
You are being used as a DoS amplifier. The queries will be
spoofed. Someone needs to learn about BCP 38.
Mark
