[Emerging-Sigs] Rule 2016016

waldo kitty wkitty42 at windstream.net
Thu Dec 20 09:21:17 HAST 2012

On 12/20/2012 12:21, Jørgen Bøhnsdalen wrote:
> The attack works by sending a small query from a spoofed source IP, which (optimally) results in the server sending a huge response back. See this link:
> http://blog.cloudflare.com/deep-inside-a-dns-amplification-ddos-attack

ahhh, /that/ thing... ok... i had thought that was what it was referencing but 
wasn't sure... thanks!

> What we've seen though is a bunch of requests to non-DNS servers, possibly in an attempt to locate DNS servers that allow recursive lookup.

yeah, they gotta get thru our perimeter and that's not gonna happen... at least 
not as far as external requests to our DNS servers ;)
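
Added example, not part of the original thread: one way to surface the pattern described above, recursion-desired DNS queries arriving from outside at hosts that are not DNS servers. The address ranges, the server inventory, the threshold and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Assumptions (constructed for this example, not from the thread):
INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # protected address space
DNS_SERVERS = {"10.0.0.53"}                     # hosts expected to receive DNS

def parse_query(payload):
    """Return (recursion_desired, qname, qtype) for a DNS query, else None."""
    if len(payload) < 12:
        return None
    _id, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & 0x8000 or qdcount != 1:          # QR bit set: a response
        return None
    labels, pos = [], 12
    while pos < len(payload) and payload[pos] != 0:
        length = payload[pos]
        if length > 63 or pos + 1 + length > len(payload):  # pointer/truncated
            return None
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    if pos + 5 > len(payload):                  # need root byte, qtype, qclass
        return None
    (qtype,) = struct.unpack("!H", payload[pos + 1:pos + 3])
    return bool(flags & 0x0100), ".".join(labels) or ".", qtype

def find_resolver_probes(packets, min_targets=3):
    """Map each external source to the internal non-DNS hosts it sent RD=1
    queries to. The source may be spoofed, so this is an observation of
    probing or reflection traffic, not attribution."""
    seen = {}
    for src, dst, payload in packets:
        if ipaddress.ip_address(src) in INTERNAL:
            continue
        if ipaddress.ip_address(dst) not in INTERNAL or dst in DNS_SERVERS:
            continue
        query = parse_query(payload)
        if query and query[0]:
            seen.setdefault(src, set()).add(dst)
    return {s: sorted(d) for s, d in seen.items() if len(d) >= min_targets}

def sample_query(name, qtype=255, rd=True):
    """Build a constructed DNS query payload (qtype 255 = ANY) as test input."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100 if rd else 0, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

# Constructed sample traffic: (source IP, destination IP, UDP/53 payload)
SAMPLE = [("198.51.100.7", f"10.0.1.{i}", sample_query("example.com")) for i in range(1, 5)]
SAMPLE += [("203.0.113.9", "10.0.0.53", sample_query("example.com")),
           ("192.0.2.4", "10.0.1.1", sample_query("example.com", rd=False))]
```
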
