Mark Andrews wrote:
> In article <[EMAIL PROTECTED]> you write:
>> I just started seeing thousands of DNS queries that look like some sort
>> of DOS attack. One log entry is below with the IP obscured.
>>
>> client xx.xx.xx.xx#6704: query: z.tn.co.za ANY ANY +E
>>
>> When you look at z.tn.co.za you see a huge TXT record.
>>
>> Is anyone else seeing this attack or am I the lucky one? Is this a
>> known attack?
>>
>> Roy
>
> You are being used as a DoS amplifier. The queries will be
> spoofed. Someone needs to learn about BCP 38.

Next to not running a $world recursive/caching service ;)
Which is where the OP can actually do something about this problem.
Folks who don't do ingress filtering will not be bothered to get it going unfortunately...

Greets,
 Jeroen
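A way to confirm from the query log that a resolver is being used as an amplifier, as an added example that is not part of the original thread: it parses log lines of the shape quoted above and tallies UDP ANY queries per name and per logged client address. The threshold and the sample lines are constructed for illustration; the `T` flag is treated as BIND's marker for a query received over TCP.

```python
import re
from collections import Counter, defaultdict

# Matches the query-log shape quoted in the thread:
#   client <ip>#<port>: query: <qname> <class> <type> <flags>
LOG_RE = re.compile(
    r"client (?P<ip>[0-9A-Fa-f:.]+)#\d+: query: "
    r"(?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) (?P<flags>[+-]\S*)"
)

def amplification_candidates(lines, threshold=3):
    """Return [(qname, total, {client: count})] for names that received at
    least `threshold` UDP ANY queries, busiest name first."""
    per_name = defaultdict(Counter)
    for line in lines:
        m = LOG_RE.search(line)
        if not m or m["qtype"].upper() != "ANY":
            continue
        if "T" in m["flags"]:
            # TCP needs a completed handshake, so the source is not spoofed.
            continue
        # DNS names are case-insensitive; fold case and any trailing dot.
        per_name[m["qname"].lower().rstrip(".")][m["ip"]] += 1
    hits = [(q, sum(c.values()), dict(c)) for q, c in per_name.items()
            if sum(c.values()) >= threshold]
    return sorted(hits, key=lambda h: -h[1])

# Constructed sample log: documentation addresses stand in for the
# obscured client IP; only z.tn.co.za comes from the thread.
SAMPLE_LOG = """\
client 192.0.2.10#6704: query: z.tn.co.za ANY ANY +E
client 192.0.2.10#6705: query: z.tn.co.za ANY ANY +E
client 192.0.2.10#1188: query: Z.TN.CO.ZA ANY ANY +E
client 198.51.100.7#40112: query: z.tn.co.za ANY ANY +E
client 203.0.113.5#53211: query: www.example.org IN A +
client 203.0.113.5#53212: query: example.org IN ANY +T
client 203.0.113.9#9999: query: example.net IN ANY +E
""".splitlines()

if __name__ == "__main__":
    for qname, total, clients in amplification_candidates(SAMPLE_LOG):
        print(f"{qname}: {total} UDP ANY queries")
        for ip, n in sorted(clients.items(), key=lambda kv: -kv[1]):
            # The logged address is the spoofed source, i.e. the DoS target.
            print(f"  {ip} (likely spoofed victim address): {n}")
```

The addresses it reports are the ones receiving the amplified responses, so they are not something to block as attackers; the fix on the resolver side is the one the reply names, not answering recursive queries for the whole world.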
