On Sep 11, 2014, at 8:42 PM, Peter Andreev <andreev.pe...@gmail.com> wrote:
> One of those SLDs is an online-shop, another is online-casino, so I concluded > that our > resolver is being used to bombard NSes of corresponding SLDs with queries. Also, in some cases, we've seen this activity constitute a reflection/amplification attack against the recursive DNS infrastructure of broadband and IDC operators who're using public open recursors as their external resolvers. So, looking at the purported querier addresses might provide some insight into which scenario applies in any given instance. ----------------------------------- Roland Dobbins <rdobb...@arbor.net> _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
