Hi Klaus On one of our name server which is secondary for a little over one thousand second level domains has been abused for DNS Amplification Attacks since November 2011.
There has not been a single week without such traffic. So, it is not decreasing at all. Since May 2012 we are rate-limiting outgoing ANY queries but this has not resulted in a decrease of such traffic. The most common DNS Amplification Attack traffic we are seeing is what is described in this ISC Diary post: https://isc.sans.edu/diary/DNS+ANY+Request+Cannon+-+Need+More+Packets/13261 Regards, Daniel On 17.08.12 10:03, Klaus Darilion wrote: > Hi! > > Lately, there was much discussion and examples on how to block the DNS > requests of DNS Amplification Attacks. Such filters prevent the name > server seeing the request, thus of course massively reducing the > outgoing traffic. But such filters can not reduce the incoming traffic - > the attacker will still send the DNS requests. > > Thus, I would be interested in the results of such filters. Do you see, > maybe not in short-term but in long-term, that the incoming attack > traffic also decreases? > > Thanks > Klaus > _______________________________________________ > dns-operations mailing list > dns-operations@lists.dns-oarc.net > https://lists.dns-oarc.net/mailman/listinfo/dns-operations > dns-jobs mailing list > https://lists.dns-oarc.net/mailman/listinfo/dns-jobs > _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
