On 02/18/2014 07:59 PM, Joe Maimon wrote:
Doug Barton wrote:
On 02/18/2014 07:08 PM, Joe Maimon wrote:
Thousand of queries with thousands of source ip addresses.
Pardon if I missed a memo, but how are your resolver systems receiving
these thousands of very different source addresses?
Doug
Thousands of queries _from_ thousands of source ip addresses
likely they are spoofed
Yes, got that bit. :) What I'm asking is, why are spoofed queries
hitting your "different resolvers, routers with proxy turned on, etc.?"
Are you running open resolvers? If so, please stop doing that, it's
widely known to be a bad idea for over a decade now, and you are
providing the bad guys a tool to use for DDOS attacks.
If it's something else, please speak up. Regardless of the goal of this
particular issue, the way to solve the root problem is to prevent the
spoofed packets from getting to your servers in the first place.
Doug
