nanog mailing list archives
Re: What are these Google IPs hammering on my DNS server?
From: Mark Andrews <marka () isc org>
Date: Mon, 4 Dec 2023 10:31:54 +1100
On 4 Dec 2023, at 08:21, Michael Hare via NANOG <nanog () nanog org> wrote: John- This is little consolation, but at AS3128, I see the same thing to our downstream at times, claiming to come from both 13335 and 15169 often simultaneously at the tune of 25Kpps , "assuming it's not spoofed", which is pragmatically impossible to prove for me given our indirect relationships with these companies. When I see these events, I typically also see a wide variety of country codes participating simultaneously. Again, assuming it's not spoofed. To me it just looks like effective harassment with 13335/15169 helping out. I pine for the internet of the 1990s.
Just set TC=1 for those clients. If you get queries over TCP then they where not spoofed. If they are using DNS COOKIE (RFC 7873) you can send back BADCOOKIE to the initial (client cookie only) UDP request with your server cookie. Identifying real DNS clients has been possible for years now. It’s not hard. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka () isc org
Current thread:
- What are these Google IPs hammering on my DNS server? John Levine (Dec 03)
- Re: What are these Google IPs hammering on my DNS server? Mike Hammett (Dec 03)
- Re: What are these Google IPs hammering on my DNS server? Tom Samplonius (Dec 03)
- Re: What are these Google IPs hammering on my DNS server? John R. Levine (Dec 03)
- Re: What are these Google IPs hammering on my DNS server? Peter Potvin via NANOG (Dec 03)
- Re: What are these Google IPs hammering on my DNS server? John R. Levine (Dec 03)
- RE: What are these Google IPs hammering on my DNS server? Michael Hare via NANOG (Dec 03)
- RE: What are these Google IPs hammering on my DNS server? John R. Levine (Dec 03)
- Re: What are these Google IPs hammering on my DNS server? Mark Andrews (Dec 03)
- Re: What are these Google IPs hammering on my DNS server? John R. Levine (Dec 03)
- Re: What are these Google IPs hammering on my DNS server? Damian Menscher via NANOG (Dec 04)
- Re: What are these Google IPs hammering on my DNS server? John R. Levine (Dec 04)
- RE: What are these Google IPs hammering on my DNS server? Michael Hare via NANOG (Dec 05)
- Re: What are these Google IPs hammering on my DNS server? Ray Bellis (Dec 05)
- Re: What are these Google IPs hammering on my DNS server? Christopher Morrow (Dec 05)
- Re: What are these Google IPs hammering on my DNS server? Ray Bellis (Dec 05)
- Re: What are these Google IPs hammering on my DNS server? John R. Levine (Dec 03)