> > On the DNS server, a large number of "ANY" type queries occur,why? > > Probably the reflection+amplification attack which goes on, specially > in China, for several months. CNCERT knows about it so I suggest you > contact them.
Note that there are multiple reflection+amplification attacks going on, basically all the time, and in plenty of cases the victim is not in China. For instance, *right now* I can see the following ongoing attacks: 8560 | 212.227.135.196 | ONEANDONE-AS 1&1 Internet AG 13335 | 173.245.60.116 | CLOUDFLARENET - CloudFlare, Inc. 20021 | 67.59.167.140 | LNH-INC - HostMySite 29791 | 72.251.250.98 | VOXEL-DOT-NET - Voxel Dot Net, Inc. 32421 | 199.59.164.182 | BLCC - Black Lotus Communications 33748 | 76.191.42.160 | DSCI - DSCI Corporation Steinar Haug, Nethelp consulting, sth...@nethelp.no _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
