Packets wanted, DNS DDOS attacks
Jim posted earlier in the week (https://isc.sans.edu/diary.html?storyid=13387) regarding a bind 9 vulnerability. Whilst possibly unrelated we've had a report regarding a few million DNS responses with static IDs being sent to an organisation.
If you have something similar happening and you are in a position to capture some packets we'd appreciate it if you could upload some for us to have a look at. Especially of they all have the same ID number.
Mark
Keywords:
1 comment(s)
×
Diary Archives
Comments
amplification attack described at https://isc.sans.edu/diary/DNS+ANY+Request+Cannon+-+Need+More+Packets/13261
Chris Thompson
Jun 8th 2012
1 decade ago