Bind dns amplification attack
Borja Marcos
borjam at sarenet.es
Tue Mar 28 08:43:59 UTC 2023
> On 28 Mar 2023, at 09:33, Nyamkhand Buluukhuu <nyamkhand at mobinet.mn> wrote:
>
> Hello,
>
> We are having slowly increasing DNS requests from our customer zones all asking mXX.krebson.ru. I think this is a DNS amplification attack.
> And source zones/IP addresses are different but sending the same requests like below.
I wonder, maybe some of your customers have open recursive DNS servers themselves? Some brands of routers
are unfortunately easy to misconfigure.
I must play whack-a-mole now and then.
Borja.
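
To find which customer addresses are relaying these lookups (and are therefore candidates for an open-recursion check), the resolver's query log can be grouped by client for names under the suspect domain. This is an added example, not part of the original message. It assumes BIND's query log format; the log lines are constructed, and the function name and threshold are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in BIND querylog format (not taken from the thread).
# Client addresses are from the documentation ranges.
SAMPLE_LOG = """\
28-Mar-2023 08:30:01.101 client @0x7f1c2c0a1b10 198.51.100.23#41022 (m01.krebson.ru): query: m01.krebson.ru IN A +E(0) (203.0.113.53)
28-Mar-2023 08:30:01.150 client @0x7f1c2c0a1b10 198.51.100.23#41023 (m02.krebson.ru): query: m02.krebson.ru IN A +E(0) (203.0.113.53)
28-Mar-2023 08:30:01.190 client @0x7f1c2c0a1b10 198.51.100.23#41024 (m03.krebson.ru): query: m03.krebson.ru IN A +E(0) (203.0.113.53)
28-Mar-2023 08:30:02.010 client @0x7f1c2c0a2c20 198.51.100.77#5353 (m01.krebson.ru): query: m01.krebson.ru IN A + (203.0.113.53)
28-Mar-2023 08:30:02.020 client @0x7f1c2c0a2c20 198.51.100.77#5354 (M01.KREBSON.RU): query: M01.KREBSON.RU IN A + (203.0.113.53)
28-Mar-2023 08:30:02.030 client @0x7f1c2c0a2c20 198.51.100.77#5355 (m07.krebson.ru): query: m07.krebson.ru IN A + (203.0.113.53)
28-Mar-2023 08:30:03.000 client @0x7f1c2c0a3d30 192.0.2.9#60001 (m05.krebson.ru): query: m05.krebson.ru IN A +E(0) (203.0.113.53)
28-Mar-2023 08:30:03.100 client @0x7f1c2c0a3d30 192.0.2.9#60002 (www.example.com): query: www.example.com IN A +E(0) (203.0.113.53)
28-Mar-2023 08:30:03.200 client @0x7f1c2c0a3d30 192.0.2.9#60003 (m01.notkrebson.ru): query: m01.notkrebson.ru IN A +E(0) (203.0.113.53)
"""

# The "@0x..." client object id is present in newer BIND versions only,
# so it is optional here. search() tolerates any timestamp/category prefix.
LINE_RE = re.compile(
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ "
    r"\((?P<qname>[^)]+)\): query:"
)


def summarize_clients(log_text, suspect_suffix, min_queries=3):
    """Return {client_ip: (queries, distinct_names)} for clients that sent
    at least min_queries queries for names at or under suspect_suffix."""
    suffix = suspect_suffix.lower().rstrip(".")
    counts = Counter()
    names = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a query log line
        qname = m.group("qname").lower().rstrip(".")
        # Match on a label boundary so "notkrebson.ru" is not counted.
        if qname == suffix or qname.endswith("." + suffix):
            counts[m.group("ip")] += 1
            names[m.group("ip")].add(qname)
    return {ip: (n, len(names[ip]))
            for ip, n in counts.items() if n >= min_queries}


if __name__ == "__main__":
    for ip, (n, distinct) in sorted(summarize_clients(SAMPLE_LOG, "krebson.ru").items()):
        print(f"{ip}: {n} queries, {distinct} distinct names")
```

A client address that sends many queries across many distinct labels is more likely a forwarding device than a single end host, which makes it the first place to check whether recursion is exposed to the outside.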