Hey all We had the same problem, at last a few weeks ago. We reported it to Netgear in Dec 12 for the first Time -> no result We tried to overwrite these records with another -> just for testing. The routers were still asking k-times a second.
I think it's not a DNS-problem, cause it doesn't matter what's the answer on a request is, the router is still asking. Only a reboot of device stops the 'attack'. Best Regards Beat -----Ursprüngliche Nachricht----- Von: swinog-boun...@lists.swinog.ch [mailto:swinog-boun...@lists.swinog.ch] Im Auftrag von Roman Hochuli Gesendet: Freitag, 24. Mai 2013 14:33 An: swi...@swinog.ch Betreff: Re: [swinog] DDOS DNS Attack by Netgear Products caused by CNAME instead of A record? Hey All If it is really hurting you big time you may choose to run a very mean hack: temporarily setup a netgear.com-Zone on your dns-servers and point these records to a useful NTP server. Adding an A-record for their website would probably a good idea as well. ;) Yes, it is an EXTREMELY UGLY HACK. But as stated above: it might be easier to cut yourself a hand off than loosing the whole arm... > but what's the hex string for this kind of query. > anybody got it? Had there somebody fun with Stefans presentation of yesterday...? ;) -- Best regards, Roman Hochuli Operations Manager nexellent ag Saegereistrasse 33 CH-8152 Glattbrugg Phone: +41 44 872 20 00 Fax: +41 44 872 20 01 URL: www.nexellent.ch X-NCC-RegID: ch.nexellent Imagination is the one weapon in the war against reality. -- Jules de Gaultier _______________________________________________ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog _______________________________________________ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog