[anti-abuse-wg] DNS DoS attacks by 220.127.116.11 and 18.104.22.168
Wilfried Woeber Woeber at CC.UniVie.ac.at
Sat Sep 29 12:00:27 CEST 2012
U.Mutlu wrote: [...] > ... and the attack would > be a so called "reflected UDP DNS attack" carried out by someone else > using forged IP headers Even authoritative nameservers are vulnerable to some degree. > (IMO again cheap BS excuse as nowadays > every ISP uses egress/ingress filtering to block such SenderIP-forgeries). I rate this statement/expectation as wishful thinking, sorry. > Is this a case for CERT's ? Definitely! > Anybody have experience with CERT's and can give tips? Depending on "where" you are based, or what your existing relationships to CERTs are, you may want to get in touch with the one that covers the constitency you are in, or try to get in touch with other CERTs that my have working relationships with the ISPs providing connectivity to those address blocks or sources of the offending packets. Hth, Wilfried.