Interesting log entries
Mark Andrews
Mark_Andrews at isc.org
Tue Dec 20 01:29:11 UTC 2005
> In article <do6vs9$2gkn$1 at sf1.isc.org>,
> Tony Toews <ttoews at telusplanet.net> wrote:
>
> > Barry Margolin <barmar at alum.mit.edu> wrote:
> >
> > >See the thread titled "How can I tell in the log if a query was
> > >successful or refused":
> >
> > Are you saying it's a "It's a recursive DNS DDoS amplification attack."? I
> f
> > not
> > could you be a bit more specific? Which posting in particular applies to
> > these log
> > entries?
>
> Yes, I'm saying it could be that kind of attack. The nonexistent
> entries you were seeing are the same as the ones that were in that
> thread, which hardly seems like a coincidence.
And the correct way to deal with this is to report this
to your upstreams so they can chase this back to the
networks which are not implementing BCP 38.
BCP 38
Network Ingress Filtering: Defeating Denial of Service
Attacks which employ IP Source Address Spoofing.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list