Is it possible to determine the home gateway device (CPE) make and model via SNMP? If they have open DNS proxies they probably have SNMP as well.
- Jason

On 6/11/12 3:24 AM, "sth...@nethelp.no" <sth...@nethelp.no> wrote:

>> I see the same query against my private domain. It started roughly at
>> the 25. of May.
>> What is common is the UDPsize of 9000 and that both domains are signed.
>> Because of that the amplification factor is much higher.
>>
>> What I don't understand is that the source addresses are mostly out
>> of dynamic address pools from broadband ISP around the world.
>> So the victims are residential users?
>
>No, most likely the residential users have CPEs with DNS proxies which
>are open to queries from the WAN side. Thus the attack is typically:
>
>spoofed source -> CPE -> name server -> CPE -> DoS of spoofed source
>
>Steinar Haug, Nethelp consulting, sth...@nethelp.no

_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
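
For name server operators seeing the queries described in this thread, one way to read the advertised EDNS0 UDP size (9000 in the reports above) out of a captured query. This is an added example, not code from any poster in the thread; the sample query, the function names and the 4096-byte threshold are assumptions.

```python
import struct

OPT = 41  # RR type of the EDNS0 pseudo-record

def build_query(name, qtype, udp_size, do_bit=True):
    """Constructed sample input: a DNS query carrying one EDNS0 OPT record."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 1)  # 1 question, 1 additional
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)
    ttl = 0x8000 if do_bit else 0  # OPT reuses TTL for flags; DO is the top flag bit
    # OPT reuses CLASS for the requestor's UDP payload size
    return header + question + b"\x00" + struct.pack("!HHIH", OPT, udp_size, ttl, 0)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # compression pointer ends the name
            return off + 2
        off += 1 + n

def edns_info(msg):
    """Return (udp_size, do_bit) from the OPT record, or None if absent or malformed."""
    try:
        qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
        off = 12
        for _ in range(qd):
            off = skip_name(msg, off) + 4  # QTYPE + QCLASS
        for _ in range(an + ns + ar):
            off = skip_name(msg, off)
            rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10 + rdlen
            if rtype == OPT:
                return rclass, bool(ttl & 0x8000)
    except (IndexError, struct.error):
        pass
    return None

def is_oversized(msg, max_size=4096):
    """Flag queries advertising a larger UDP size than max_size (assumed threshold)."""
    info = edns_info(msg)
    return info is not None and info[0] > max_size

if __name__ == "__main__":
    sample = build_query("example.com", 255, 9000)  # constructed ANY query
    print(edns_info(sample), is_oversized(sample))
```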