Re: limit UDP connection rate with PF pass rule

2020-11-21 Thread Stuart Henderson
On 2020-11-18, mabi wrote:
>> The DNS RRL techniques typically still reply to a proportion of queries
>> (either directly with the answer, or with a "retry over TCP" response
>> code) reducing impact if the source IP is also used by real queries as
>> well as the attack traffic.
>
> I've been look

Re: limit UDP connection rate with PF pass rule

2020-11-18 Thread mabi
‐‐‐ Original Message ‐‐‐
On Tuesday, November 17, 2020 11:50 PM, Stuart Henderson wrote:
> These packets are most likely sent from spoofed source addresses.
>
> Assuming this is the case, the address you are seeing on the packets
> would not be the attacker but the victim.

That totally

Re: limit UDP connection rate with PF pass rule

2020-11-17 Thread Stuart Henderson
On 2020-11-17, mabi wrote:
> Hello,
>
> On my DNS authoritative servers which are behind an OpenBSD 6.6 firewall I
> just saw some weird UDP high volume traffic on port 53 my these DNS servers
> coming from Google (e.g. 74.125.18.1 or 172.253.214.111).
>
> These few IPs generated around 5200 req

limit UDP connection rate with PF pass rule

2020-11-17 Thread mabi
Hello,

On my DNS authoritative servers which are behind an OpenBSD 6.6 firewall I just saw some weird UDP high volume traffic on port 53 my these DNS servers coming from Google (e.g. 74.125.18.1 or 172.253.214.111).

These few IPs generated around 5200 requests/second on my DNS servers so I was

Re: limit UDP connection rate with PF pass rule

2020-11-17 Thread Ben Jahmine
> On my DNS authoritative servers which are behind an OpenBSD 6.6 firewall I
> just saw some weird UDP high volume traffic on port 53 my these DNS servers
> coming from Google (e.g. 74.125.18.1 or 172.253.214.111).
>
> These few IPs generated around 5200 requests/second on my DNS servers so I
>