[Emerging-Sigs] Rule 2016016
wkitty42 at windstream.net
Thu Dec 20 09:21:17 HAST 2012
On 12/20/2012 12:21, Jørgen Bøhnsdalen wrote:
> The attack works by sending a small query from a spoofed source IP, which (optimally) results in the server sending a huge response back. See this link:
ahhh, /that/ thing... ok... i had thought that was what it was referencing but
wasn't sure... thanks!
> What we've seen though is a bunch of requests to non-dns servers, possibly in an attempt to locate DNS-servers that allow recursive lookup.
yeah, they gotta get thru our perimeter and that's not gonna happen... at least
not as far as external requests to our DNS servers ;)
More information about the Emerging-sigs