On Thu, Jul 03, 2014 at 10:19:30PM -0700, Kelsey Cummings wrote:
> We are seeing a pretty short list of domains used for this attack right now
> so I don't see any short term scaling issues. Are other providers seeing a
> large number of domains used?

We see a short list of domains, rotating quickly (once an hour or so, sometimes slower, sometimes faster).

Interestingly, from conversations with various service providers, we've learned that even a semi-decent security/abuse program cleans up these issues as it appears affected hosts are quite visible in their behaviour, and get flagged before they hog the DNS server. It is only service providers that do not have an abuse desk that works that have this issue, since DNS is the first time they note they have customers that send out malicious traffic.

Bert

_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs