Getting "query failed (REFUSED) for ./IN/ANY"
vesely at tana.it
Wed Jan 13 15:21:28 UTC 2021
On Wed 13/Jan/2021 14:31:58 +0100 John Kristoff wrote:
> Some may be sourced from a security/research survey project, but some
> sources performing this may be for more nefarious purposes - building a
> list of open resolvers that will answer for the purposes of maintaining
> an amplication/reflection hit list.
I see some IPs are the same. However, my attacker seems rather to be (blindly)
attempting an amplification attack than building a list of open resolvers,
because the same IP is usually retried 4~6 times.
More information about the bind-users