[nsp-sec] DNS Reflection DDoS
King, Link
Link.King at neustar.com
Wed Mar 2 11:58:54 EST 2011
>(belated) ACK for AS12. Looks like this stopped around 11:30pm last
>night from us, let me know if it kicks up again. We're working on
>getting recursion disabled for these boxes.
Thanks for all the replies folks. The attack did indeed die off. The
concern wasn't so much dealing with the attack itself. The conundrum was
what you do about tracking it back given the nature of the attack.
Side question ... We have been seeing quite a number of these exact
queries (isc.org ANY with EDNS option) against our recursive products for
over a month now. I can certainly see why they're doing it and I assume
others are seeing the same sort of activity? DNS reflection attacks
(either as target or reflection) seemed to have died off in 2010 (for us)
but is now once again quite prominent in 2011 ....
--
Link King
link.king at neustar.com
More information about the nsp-security
mailing list