On Wed 13/Jan/2021 14:31:58 +0100 John Kristoff wrote:
Some may be sourced from a security/research survey project, but some sources performing this may be for more nefarious purposes - building a list of open resolvers that will answer for the purposes of maintaining an amplication/reflection hit list.
I see some IPs are the same. However, my attacker seems rather to be (blindly) attempting an amplification attack than building a list of open resolvers, because the same IP is usually retried 4~6 times.
Best Ale -- _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users