Mark Andrews <mark_andr...@isc.org> wrote: >> It looks like the server is replying with a refused statement. The following >> are the >> two lines that WireShark captured. >> >> Standard query NS <Root> >> Standard query response, refused > > Good. The attacker is trying to you as a amplifier and > that is not happening. That is all one can reasonably > expect.
So we're not sending any traffic back to the alleged requesting IP address? BTW WireShark is indicating in one of the bit flags on the request that they are trying to do a "Recursion desired: Do query recursively" > The next thing you should do is ask your ISP to chase them > back to their source and if they are local to the ISP block > them by implementing BCP 38 other wise to pass on the request > to the peers they are getting them from. Ahh, ok. I'll need to gather a bunch of the alleged IP addresses then. Thanks, Tony -- Tony Toews, Microsoft Access MVP Please respond only in the newsgroups so that others can read the entire thread of messages. Microsoft Access Links, Hints, Tips & Accounting Systems at http://www.granite.ab.ca/accsmstr.htm Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/ _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
