What are these entries in the log file - " query: . IN NS +"?

Mark Andrews Mark_Andrews at isc.org
Tue Jan 27 02:43:22 UTC 2009


In message <ulssn453ohc7rj6lobgkje0g0prvqd3sit at 4ax.com>, "Tony Toews [MVP]" writes:
> "Tony Toews [MVP]" <ttoews at telusplanet.net> wrote:
> 
> >>> How do I know I'm not answering those?
> >>> 
> >>Since you're on win, I can't help you, but whatever your packet monitor
> >>is, see if you are replying to their requests, even with a REFUSED
> >>response.
> 
> It looks like the server is replying with a refused statement.  The following
> are the two lines that WireShark captured.
> 
> Standard query NS <Root>
> Standard query response, refused

	Good.  The attacker is trying to use you as an amplifier and
	that is not happening.  That is all one can reasonably
	expect.

	The next thing you should do is ask your ISP to chase them
	back to their source and, if they are local to the ISP, block
	them by implementing BCP 38, otherwise to pass on the request
	to the peers they are getting them from.

	Mark
 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
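
An added example, not part of the original message or of BIND itself: a small Python pass over a query log that counts the `. IN NS` entries discussed in this thread per logged client address, to produce a list that can be handed to the ISP. The log lines are constructed samples in the `client ADDR#PORT: query: NAME CLASS TYPE FLAGS` layout implied by the subject line, the addresses are documentation ranges, and the function names and threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines (not from the thread); addresses are RFC 5737 ranges.
SAMPLE_LOG = """\
27-Jan-2009 02:40:01.101 client 192.0.2.10#31337: query: . IN NS +
27-Jan-2009 02:40:01.350 client 192.0.2.10#31337: query: . IN NS +
27-Jan-2009 02:40:02.007 client 198.51.100.7#53124: query: www.example.com IN A +
27-Jan-2009 02:40:02.410 client 192.0.2.10#4096: query: . IN NS +
27-Jan-2009 02:40:03.112 client 203.0.113.5#1025: query: . IN NS +
27-Jan-2009 02:40:03.900 client 198.51.100.7#53125: query: example.com IN MX +
27-Jan-2009 02:40:04.222 client 192.0.2.10#31337: query: . IN NS +
"""

# Assumed layout: "client ADDR#PORT: query: QNAME QCLASS QTYPE [FLAGS]"
QUERY_RE = re.compile(
    r"client (?P<addr>[0-9A-Fa-f.:]+)#(?P<port>\d+): "
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+)(?: (?P<flags>\S+))?"
)


def root_ns_queries(log_text):
    """Count '. IN NS' queries per logged client address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m is None:
            continue  # not a query-log line
        if (m["qname"], m["qclass"].upper(), m["qtype"].upper()) == (".", "IN", "NS"):
            counts[m["addr"]] += 1
    return counts


def repeat_sources(log_text, threshold=3):
    """Addresses with at least `threshold` root NS queries, busiest first.

    The logged address is only the UDP source of the packet. When someone is
    trying to use the server as an amplifier that address is normally forged,
    so this list is evidence for the ISP to trace, not an attribution.
    """
    counts = root_ns_queries(log_text)
    return [(a, n) for a, n in counts.most_common() if n >= threshold]


if __name__ == "__main__":
    for addr, n in repeat_sources(SAMPLE_LOG):
        print(f"{addr}\t{n} root NS queries")
```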


