nanog mailing list archives
Re: random dns queries with random sources
From: Owen DeLong <owen () delong com>
Date: Tue, 18 Feb 2014 21:56:03 -0800
On Feb 18, 2014, at 9:48 PM, Joe Maimon <jmaimon () ttec com> wrote:
George Herbert wrote:Right. Nonzero chances that you (Joe's site) are the target... Also, check if you have egress filtering of spoofed addresses below these DNS resources, between them and any user objects. You could be sourcing the spoofing if not...It seems to me that the same|similar dataset of open resolvers to be used for amplification attacks is also being used for this sort of thing, and the overall effect is not large enough to indicate my resources are a target. What I cant figure out is what is the target and how this attack method is any more effective then the others. Joe
This assumes several facts not in evidence: 1. It is an attack. 2. It is deliberate 3. There is a target 4. It is more effective than others On what do you base those assumptions? To me this looks to be far more likely to be someone’s wayward script, experiment, software, tool, etc. doing something it probably isn’t supposed to be doing. If it happens to also be gathering the answers or information that the author wants (or appears to be doing so), then the author may well be blissfully ignorant of its wayward behavior towards your servers. Owen
Current thread:
- Re: random dns queries with random sources, (continued)
- Re: random dns queries with random sources Dobbins, Roland (Feb 18)
- Re: random dns queries with random sources Christopher Morrow (Feb 18)
- Re: random dns queries with random sources Christopher Morrow (Feb 18)
- Re: random dns queries with random sources Dobbins, Roland (Feb 18)
- Re: random dns queries with random sources sthaug (Feb 19)
- Re: random dns queries with random sources Christopher Morrow (Feb 18)
- Re: random dns queries with random sources Dobbins, Roland (Feb 18)
- Re: random dns queries with random sources Dobbins, Roland (Feb 18)
- Re: random dns queries with random sources George Herbert (Feb 18)
- Re: random dns queries with random sources Joe Maimon (Feb 18)
- Re: random dns queries with random sources Dobbins, Roland (Feb 18)
- Re: random dns queries with random sources Joe Maimon (Feb 18)
- Re: random dns queries with random sources Owen DeLong (Feb 18)
- Re: random dns queries with random sources Joe Maimon (Feb 18)
- Re: random dns queries with random sources sthaug (Feb 19)
- Re: random dns queries with random sources Dobbins, Roland (Feb 19)
- Re: random dns queries with random sources Simon Perreault (Feb 19)
- Re: random dns queries with random sources Tempest (Feb 19)
- RE: random dns queries with random sources Beeman, Davis (Feb 19)