Re: [Pdns-users] ANY+Reflection Attacks?
El feb 25, 2015 5:25 AM, Michael Ströder mich...@stroeder.com escribió: Ciro Iriarte wrote: 2015-02-24 17:49 GMT-03:00 Ciro Iriarte cyru...@gmail.com: Hi!, I'm seeing a lot of messages of type Timeout from remote TCP client 10.XXX.XXX.XXX, it seems to be an attack given we have any-to-tcp = yes. Is this usual?, is there anyway to identify the attackers?. The service is working fine and we have in our roadmap constant packed capture for data mining but I find this behaviour new/interesting today :) Any comments? Regards, Well, never mind. After all, those are legitimate clients and there seems to be a firewall with connection tracking issues. What's unexpected to me is having TCP requests, I was expecting only UDP traffic from end users. DNSSEC used? Ciao, Michael. As far as I remember, pdns-recursor doesn't support DNSSEC. Regards, Ciro ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] ANY+Reflection Attacks?
Ciro Iriarte wrote: 2015-02-24 17:49 GMT-03:00 Ciro Iriarte cyru...@gmail.com: Hi!, I'm seeing a lot of messages of type Timeout from remote TCP client 10.XXX.XXX.XXX, it seems to be an attack given we have any-to-tcp = yes. Is this usual?, is there anyway to identify the attackers?. The service is working fine and we have in our roadmap constant packed capture for data mining but I find this behaviour new/interesting today :) Any comments? Regards, Well, never mind. After all, those are legitimate clients and there seems to be a firewall with connection tracking issues. What's unexpected to me is having TCP requests, I was expecting only UDP traffic from end users. DNSSEC used? Ciao, Michael. smime.p7s Description: S/MIME Cryptographic Signature ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
[Pdns-users] ANY+Reflection Attacks?
Hi!, I'm seeing a lot of messages of type Timeout from remote TCP client 10.XXX.XXX.XXX, it seems to be an attack given we have any-to-tcp = yes. Is this usual?, is there anyway to identify the attackers?. The service is working fine and we have in our roadmap constant packed capture for data mining but I find this behaviour new/interesting today :) Any comments? Regards, -- Ciro Iriarte http://iriarte.it -- ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] ANY+Reflection Attacks?
2015-02-24 17:49 GMT-03:00 Ciro Iriarte cyru...@gmail.com: Hi!, I'm seeing a lot of messages of type Timeout from remote TCP client 10.XXX.XXX.XXX, it seems to be an attack given we have any-to-tcp = yes. Is this usual?, is there anyway to identify the attackers?. The service is working fine and we have in our roadmap constant packed capture for data mining but I find this behaviour new/interesting today :) Any comments? Regards, -- Ciro Iriarte http://iriarte.it -- Well, never mind. After all, those are legitimate clients and there seems to be a firewall with connection tracking issues. What's unexpected to me is having TCP requests, I was expecting only UDP traffic from end users. Regards, -- Ciro Iriarte http://iriarte.it -- ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users