More likely, it’s a malware used to do a targeted attack rather than insecure routers.
Also why not both? ;) Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 28. 3. 2023, at 10:44, Borja Marcos <bor...@sarenet.es> wrote: > > > >> On 28 Mar 2023, at 09:33, Nyamkhand Buluukhuu <nyamkh...@mobinet.mn> wrote: >> >> Hello, >> >> We are having slowly increasing dns requests from our customer zones all >> asking mXX.krebson.ru. I think this is a DNS amplification attack. >> And source zones/IP addresses are different but sending same requests like >> below. > > I wonder, maybe some of your customers have open recursive DNS servers > themselves? Some brands of routers > are unfortunately easy to misconfigure. > > I must play whack-a-mole now and then. > > > > > Borja. > > > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from > this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
