[nsp-sec] search by asn
James A. T. Rice
james_r-nsp at jump.org.uk
Wed Mar 27 12:24:27 EDT 2013
On Wed, 27 Mar 2013, Jon Lewis wrote:
> First one on your list returns a referral to the roots rather than a
> query refused. That's still useful for amplification...though the amp
> factor is much lower than the commonly used queries.
Groan. I've checked our netflow, and I've not found any evidence those
ones are being used for attacks. Could 'recursion denied' be listed
differently, or not listed at all?
I think it makes more sense for operators to concentrate their efforts on
the 60+ x amplification 'open resolver' hosts, not the 3 x amplification
'recursion denied' hosts.
Cheers
James
More information about the nsp-security
mailing list