How can someone know Sub-Domains?
p.mayers at imperial.ac.uk
Sun Dec 25 09:10:28 UTC 2011
If you are being DoSed at a rate higher than you can handle then you need to liaise with your provider to get them to drop the traffic before it reaches you. Google "srtbh".
There are 4 ways attackers might have extracted a list of target hosts.
1. AXFR, i.e. zone transfer - have you locked this down?
2. DNSSEC - walking the NSEC chain of a signed zone, or (unlikely) attacking the NSEC3 hash
3. Reverse lookup of your known IPv4 subnets - this is fast even for big ranges
4. Non-DNS means - compromise of a trusted host or person.
What form does the DoS take? How are you so sure DNS is even involved?
Do you have BIND- or DNS-specific questions?
Sent from my phone. Please excuse brevity and typos.
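An added example, not part of the original message: a log check for item 3 of the list above, flagging clients that request PTR records for many addresses in one of your /24s. It assumes BIND query logging is enabled; the log lines are constructed, and the function name and threshold are illustrative choices.

```python
import re
from collections import defaultdict

# BIND 9 query-log line; the optional groups cover newer releases that add
# "@0x..." and "(qname)" after the word "client".
QUERY_RE = re.compile(
    r"client (?:@\S+ )?(?P<src>[0-9a-fA-F.:]+)#\d+(?: \(\S+\))?: "
    r"query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)
# Reverse name for an IPv4 address: d.c.b.a.in-addr.arpa
PTR_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)\.in-addr\.arpa\.?$", re.I)


def find_ptr_sweeps(lines, threshold=4):
    """Return {(client, '/24 prefix'): distinct_hosts} for clients that asked
    for PTR records of at least `threshold` different addresses in one /24."""
    seen = defaultdict(set)
    for line in lines:
        m = QUERY_RE.search(line)
        if not m or m["qtype"].upper() != "PTR":
            continue
        p = PTR_RE.match(m["qname"])
        if not p:
            continue  # not an IPv4 reverse name
        d, c, b, a = p.groups()  # octets appear reversed in the query name
        seen[(m["src"], f"{a}.{b}.{c}.0/24")].add(int(d))
    return {k: len(v) for k, v in seen.items() if len(v) >= threshold}


# Constructed sample log (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    f"25-Dec-2011 09:00:0{i}.000 client 203.0.113.50#4000{i}: "
    f"query: {i}.2.0.192.in-addr.arpa IN PTR +"
    for i in range(1, 7)
] + [
    "25-Dec-2011 09:00:09.000 client 198.51.100.7#51000: "
    "query: 9.2.0.192.in-addr.arpa IN PTR +",
    "25-Dec-2011 09:00:10.000 client 198.51.100.7#51001: "
    "query: www.example.com IN A +",
    # Newer log layout with "@0x..." and "(qname)" after "client".
    "25-Dec-2011 09:00:11.000 client @0x7f00 203.0.113.50#40010 "
    "(7.2.0.192.in-addr.arpa): query: 7.2.0.192.in-addr.arpa IN PTR +E(0) (192.0.2.53)",
]

if __name__ == "__main__":
    for (client, prefix), n in find_ptr_sweeps(SAMPLE_LOG).items():
        print(f"{client} requested PTR for {n} addresses in {prefix}")
```

A single mail server doing occasional reverse lookups stays under the threshold; a client walking the range does not.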