On Wed 13/Jan/2021 14:31:58 +0100 John Kristoff wrote:
Some may be sourced from a security/research survey project, but some
sources performing this may be for more nefarious purposes - building a
list of open resolvers that will answer for the purposes of maintaining
an amplication/reflection hit list.


I see some IPs are the same. However, my attacker seems rather to be (blindly) attempting an amplification attack than building a list of open resolvers, because the same IP is usually retried 4~6 times.


Best
Ale
--












_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to