In message <ulssn453ohc7rj6lobgkje0g0prvqd3...@4ax.com>, "Tony Toews [MVP]" wri tes: > "Tony Toews [MVP]" <tto...@telusplanet.net> wrote: > > >>> How do I know I'm not answering those? > >>> > >>Since your on win, I can't help you, but whatever your packet monitor > >>is, see if you are replying to their requests, even with a REFUSED > >>response. > > It looks like the server is replying with a refused statement. The following > are the > two lines that WireShark captured. > > Standard query NS <Root> > Standard query response, refused
Good. The attacker is trying to you as a amplifier and that is not happening. That is all one can reasonably expect. The next thing you should do is ask your ISP to chase them back to their source and if they are local to the ISP block them by implementing BCP 38 other wise to pass on the request to the peers they are getting them from. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users