New type of DDoS? Anyone saw it?
Marek Królikowski
admin at wset.edu.pl
Mon May 16 15:03:01 UTC 2016
Hello,
Today I saw my bind eat almost 90% of RAM. When I checked the logs I found an
interesting DDoS on my DNS cluster today:
16-May-2016 16:47:47.467 client 8X.1X0.3Y.40#44968: query: 323.016.231.212 IN AAAA + (8X.1X0.Y.Y)
16-May-2016 16:47:47.467 client 8X.1X0.3Y.40#44968: slip response to 8X.1X0.33.0/24 for . IN AAAA (00000000)
16-May-2016 16:47:47.467 client 8X.1X0.3Y.40#38600: query: 235.326.031.064 IN AAAA + (8X.1X0.Y.Y)
16-May-2016 16:47:47.467 client 8X.1X0.3Y.40#38600: drop response to 8X.1X0.33.0/24 for . IN AAAA (00000000)
16-May-2016 16:47:47.467 client 8X.1X0.3Y.40#51399: query: 331.206.372.214 IN AAAA + (8X.1X0.Y.Y)
16-May-2016 16:47:47.467 client 8X.1X0.3Y.40#51399: slip response to 8X.1X0.33.0/24 for . IN AAAA (00000000)
Looks like an IN AAAA query about a wrong IPv4 address... I got almost 5000/sec.
Has anyone seen this too?
Best Regards
Marek
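
Added example, not part of the original post: a small triage script that reads log lines in the layout quoted above, counts AAAA-style queries whose name is four dot-separated digit groups per client and per second, and tallies the slip/drop lines per network. The sample lines are constructed (documentation-range addresses), and the regexes assume exactly the line layout shown in the post.

```python
import re
from collections import Counter

# Constructed sample lines in the same layout as the log excerpt in the post
# (client and server addresses replaced with documentation-range addresses).
SAMPLE_LOG = """\
16-May-2016 16:47:47.467 client 192.0.2.40#44968: query: 323.016.231.212 IN AAAA + (198.51.100.53)
16-May-2016 16:47:47.467 client 192.0.2.40#44968: slip response to 192.0.2.0/24 for . IN AAAA (00000000)
16-May-2016 16:47:47.467 client 192.0.2.40#38600: query: 235.326.031.064 IN AAAA + (198.51.100.53)
16-May-2016 16:47:47.467 client 192.0.2.40#38600: drop response to 192.0.2.0/24 for . IN AAAA (00000000)
16-May-2016 16:47:48.101 client 192.0.2.77#40112: query: www.example.org IN A + (198.51.100.53)
"""

QUERY_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)")
RRL_RE = re.compile(r"(?P<action>slip|drop) response to (?P<net>\S+) for ")
DOTTED_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}\.?$")


def numeric_qname(qname):
    """True if the name is four dot-separated digit groups (IPv4-like, valid or not)."""
    return bool(DOTTED_RE.match(qname))


def summarize(log_text):
    per_client = Counter()  # numeric-name queries per client IP
    per_second = Counter()  # numeric-name queries per timestamp second
    rrl = Counter()         # (action, network) pairs from slip/drop lines
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            if numeric_qname(m["qname"]):
                per_client[m["ip"]] += 1
                per_second[line[:20]] += 1  # "DD-Mon-YYYY HH:MM:SS"
            continue
        m = RRL_RE.search(line)
        if m:
            rrl[(m["action"], m["net"])] += 1
    return per_client, per_second, rrl


if __name__ == "__main__":
    clients, seconds, rrl = summarize(SAMPLE_LOG)
    print("top clients:", clients.most_common(5))
    print("peak per second:", seconds.most_common(1))
    print("rate-limit actions:", dict(rrl))
```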