Interesting log entries
Barry Margolin
barmar at alum.mit.edu
Tue Dec 20 01:11:52 UTC 2005
In article <do6vs9$2gkn$1 at sf1.isc.org>,
Tony Toews <ttoews at telusplanet.net> wrote:
> Barry Margolin <barmar at alum.mit.edu> wrote:
>
> >See the thread titled "How can I tell in the log if a query was
> >successful or refused":
>
> Are you saying it's a "It's a recursive DNS DDoS amplification attack."? If
> not
> could you be a bit more specific? Which posting in particular applies to
> these log
> entries?
Yes, I'm saying it could be that kind of attack. The nonexistent
entries you were seeing are the same as the ones that were in that
thread, which hardly seems like a coincidence.
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
More information about the bind-users
mailing list