On 10-Sep-2012, Robert Schwartz <[email protected]> sent:
> We run a bunch of authoritative servers and have recently observed activity
> best described in a post we found here:
> https://isc.sans.edu/diary/DNS+ANY+Request+Cannon+-+Need+More+Packets/13261
>
> Using the iptables rules posted as a comment by Network Mouse (in the above
> post), we've been able to reduce the amount of junk being sent to the
> target host. Most of the target hosts seem to be in Asia, just like those
> mentioned in the Sans post.
>
> The question I have for you all is: Is this something affecting other
> operators? How have you been dealing with it?

My employer has been seeing it for a while now:

http://dyn.com/active-incident-notification-recent-chinanetany-query-floods/

It appears to always be ANY queries with recursion desired set, which
well-behaved recursors shouldn't be sending to authoritatives in the first
place. We've used that to identify and block apparent source IPs.

-- 
Chip Marshall <[email protected]>
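The signature described in the reply above (a query with RD set and QTYPE ANY arriving at an authoritative server) can be checked directly on the DNS wire format. The following is an added example, not code from the thread or from any poster's employer; the function names, the threshold and the sample packets (built inline, with documentation-range addresses) are assumptions made for illustration.

```python
import struct
from collections import Counter

QTYPE_ANY = 255  # RFC 1035 QTYPE "*"

def build_query(name, qtype, rd, txid=0x1234):
    """Build a constructed DNS query packet (sample input for this example)."""
    flags = 0x0100 if rd else 0x0000  # RD is bit 8 of the flags word
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def is_any_with_rd(packet):
    """True if packet is a query (QR=0) with RD=1 whose first question is ANY."""
    if len(packet) < 12:
        return False
    _, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if flags & 0x8000 or not flags & 0x0100 or qdcount < 1:
        return False
    pos = 12
    while True:  # walk the length-prefixed labels of the question name
        if pos >= len(packet):
            return False  # truncated name
        length = packet[pos]
        if length == 0:
            pos += 1
            break
        if length & 0xC0:  # pointer/reserved label: not expected in a query name
            return False
        pos += 1 + length
    if pos + 4 > len(packet):
        return False  # truncated QTYPE/QCLASS
    qtype, _ = struct.unpack("!HH", packet[pos:pos + 4])
    return qtype == QTYPE_ANY

def suspect_sources(observations, threshold=3):
    """Apparent source addresses with at least `threshold` ANY+RD queries."""
    counts = Counter(src for src, pkt in observations if is_any_with_rd(pkt))
    return sorted(src for src, n in counts.items() if n >= threshold)

# Constructed observations: (apparent source address, raw UDP payload)
SAMPLE = (
    [("192.0.2.10", build_query("example.com", QTYPE_ANY, True))] * 5
    + [("198.51.100.7", build_query("example.com", QTYPE_ANY, False))] * 5
    + [("203.0.113.5", build_query("example.com", 1, True))] * 5
    + [("192.0.2.99", b"\x00\x01")]  # malformed, ignored
)

if __name__ == "__main__":
    print(suspect_sources(SAMPLE))
```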
