Bind dns amplification attack
Ondřej Surý
ondrej at isc.org
Tue Mar 28 09:12:26 UTC 2023
More likely, it’s malware used to do a targeted attack rather than insecure routers.
Also why not both? ;)
Ondrej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.
> On 28. 3. 2023, at 10:44, Borja Marcos <borjam at sarenet.es> wrote:
>
>> On 28 Mar 2023, at 09:33, Nyamkhand Buluukhuu <nyamkhand at mobinet.mn> wrote:
>>
>> Hello,
>>
>> We are having slowly increasing dns requests from our customer zones all asking mXX.krebson.ru. I think this is a DNS amplification attack.
>> And source zones/IP addresses are different but sending same requests like below.
>
> I wonder, maybe some of your customers have open recursive DNS servers themselves? Some brands of routers
> are unfortunately easy to misconfigure.
>
> I must play whack-a-mole now and then.
>
> Borja.