What are these entries in the log file - " query: . IN NS +"?
Tony Toews [MVP]
ttoews at telusplanet.net
Tue Jan 27 03:23:31 UTC 2009
Mark Andrews <Mark_Andrews at isc.org> wrote:
>> It looks like the server is replying with a refused statement. The following
>> are the
>> two lines that WireShark captured.
>>
>> Standard query NS <Root>
>> Standard query response, refused
>
> Good. The attacker is trying to you as a amplifier and
> that is not happening. That is all one can reasonably
> expect.
So we're not sending any traffic back to the alleged requesting IP address? BTW
WireShark is indicating in one of the bit flags on the request that they are trying
to do a "Recursion desired: Do query recursively"
> The next thing you should do is ask your ISP to chase them
> back to their source and if they are local to the ISP block
> them by implementing BCP 38 other wise to pass on the request
> to the peers they are getting them from.
Ahh, ok. I'll need to gather a bunch of the alleged IP addresses then.
Thanks, Tony
--
Tony Toews, Microsoft Access MVP
Please respond only in the newsgroups so that others can
read the entire thread of messages.
Microsoft Access Links, Hints, Tips & Accounting Systems at
http://www.granite.ab.ca/accsmstr.htm
Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/
More information about the bind-users
mailing list