A large number of "ANY" query type queries
sthaug at nethelp.no
Wed Mar 28 12:10:27 UTC 2012
> > On the DNS server, a large number of "ANY" type queries occur, why?
>
> Probably the reflection+amplification attack which goes on, especially
> in China, for several months. CNCERT knows about it so I suggest you
> contact them.
Note that there are multiple reflection+amplification attacks going
on, basically all the time, and in plenty of cases the victim is not
in China.
For instance, *right now* I can see the following ongoing attacks:
8560 | 212.227.135.196 | ONEANDONE-AS 1&1 Internet AG
13335 | 173.245.60.116 | CLOUDFLARENET - CloudFlare, Inc.
20021 | 67.59.167.140 | LNH-INC - HostMySite
29791 | 72.251.250.98 | VOXEL-DOT-NET - Voxel Dot Net, Inc.
32421 | 199.59.164.182 | BLCC - Black Lotus Communications
33748 | 76.191.42.160 | DSCI - DSCI Corporation
Steinar Haug, Nethelp consulting, sthaug at nethelp.no
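
An added example, not part of the original post: one way a resolver operator could tally "ANY" queries per client address from query logs to spot the pattern discussed in this thread. The log layout (BIND 9 querylog style), the thresholds, the function name and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed BIND 9 querylog layout (constructed for this example):
#   ... client [@0x<ptr> ]<ip>#<port>[ (<name>)]: query: <qname> <class> <type> <flags> (<server>)
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+(?: \([^)]*\))?: "
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+)"
)

def any_heavy_clients(lines, min_any=3, min_ratio=0.8):
    """Return [(ip, any_count, total_queries)] for clients whose traffic is mostly ANY.

    In a reflection attack the source address is spoofed, so the "client"
    reported here is the address the responses are being aimed at.
    """
    total, any_q = Counter(), Counter()
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query log line
        total[m["ip"]] += 1
        if m["qtype"].upper() == "ANY":
            any_q[m["ip"]] += 1
    hits = [(ip, n, total[ip]) for ip, n in any_q.items()
            if n >= min_any and n / total[ip] >= min_ratio]
    return sorted(hits, key=lambda h: -h[1])  # busiest first

# Constructed sample log lines (documentation address ranges only).
_TS = "28-Mar-2012 12:10:{:02d}.000 queries: info: client "
SAMPLE = [
    # One address repeating the same ANY query: the pattern of interest.
    (_TS + "192.0.2.10#{}: query: example.org IN ANY +ED (203.0.113.53)").format(s, 40000 + s)
    for s in range(5)
] + [
    # An ordinary client with mixed query types and a single ANY.
    _TS.format(6) + "198.51.100.7#5353: query: www.example.org IN A + (203.0.113.53)",
    _TS.format(7) + "198.51.100.7#5354: query: example.org IN MX + (203.0.113.53)",
    _TS.format(8) + "198.51.100.7#5355: query: example.org IN ANY + (203.0.113.53)",
    # Newer log variant with a pointer and a bracketed name before "query:".
    _TS.format(9) + "@0x7f00 198.51.100.99#6000 (example.org): query: example.org IN AAAA +E(0) (203.0.113.53)",
]

if __name__ == "__main__":
    for ip, any_count, total_count in any_heavy_clients(SAMPLE):
        print(f"{ip}: {any_count} ANY of {total_count} queries")
```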