DNS NXDOMAIN flood
Marco
mm at dorfdsl.de
Thu Nov 2 05:21:17 UTC 2023
Am 02.11.2023 10:58 schrieb Mosharaf Hossain:
> The attack originates from an external network, and it periodically
> saturates our entire internet bandwidth.
Can you verify that the source IP is not spoofed (TCP ACK replies
instead of ACK RST, no ICMP port unreachable for UDP)?
If yes, contact the abuse desk, so they can shut that machine down.
If they refuse to do, you can block their address ranges for some time
to see if they stop attacking your server.
More information about the bind-users
mailing list