[BlueOnyx:05320] Re: DNS DDOS?
Chris Gebhardt - VIRTBIZ Internet
cobaltfacts at virtbiz.com
Fri Sep 3 20:52:55 -05 2010
Hi Greg,
Greg Kuhnert wrote:
> I've been noticing some interesting log messages.... I am curious if
> anyone else is seeing this pattern...
>
> This attack was originally designed to get reply traffic from DNS
> servers that respond to recursive queries, and thus acting as traffic
> amplifiers .... The good news is that bluequartz/blueonyx doesnt respond
> to recursive queries by default... However, the spoofed traffic I think
> is being sent from compramised servers.... Even if the reply traffic is
> not amplified, they are still benefiting from the "packet laundering"
> our servers are providing....
>
> cat /var/log/messages | grep named.*denied$
I just checked across our hosting network and a couple customer boxes
and found nothing.
--
Chris Gebhardt
VIRTBIZ Internet Services
Access, Web Hosting, Colocation, Dedicated
www.virtbiz.com | toll-free (866) 4 VIRTBIZ
More information about the Blueonyx
mailing list