We've seen this stepping up lately as well. Ta,
Dave. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of David Farrell Sent: 31 January 2013 12:16 To: [email protected] Subject: Re: [uknof] DNS DDoS On 31/01/13 11:47, James Davis wrote: > We've been seeing an increasing number of reflected and amplified DNS attacks > over the last year, some more sophisticated than what you've described. > > If the systems behind that port don't need to receive DNS traffic from > everywhere then I suggest blocking the DNS responses as far as is possible. > You can frequently get away with blocking just the handful of nameservers > involved but if the attackers have some clue they'll be cycling them often > and including authoritative servers for popular services. > > Regards, > > James > _______ Actually started to notice these more regularly in $dayjob too. DNS responses to our entire address space, even the parts that are dark at this time. David.
