In message <ulssn453ohc7rj6lobgkje0g0prvqd3...@4ax.com>, "Tony Toews [MVP]" wri
tes:
> "Tony Toews [MVP]" <tto...@telusplanet.net> wrote:
>
> >>> How do I know I'm not answering those?
> >>>
> >>Since your on win, I can't help you, but whatever your packet monitor
> >>is, see if you are replying to their requests, even with a REFUSED
> >>response.
>
> It looks like the server is replying with a refused statement. The following
> are the
> two lines that WireShark captured.
>
> Standard query NS <Root>
> Standard query response, refused
Good. The attacker is trying to you as a amplifier and
that is not happening. That is all one can reasonably
expect.
The next thing you should do is ask your ISP to chase them
back to their source and if they are local to the ISP block
them by implementing BCP 38 other wise to pass on the request
to the peers they are getting them from.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
