[Pdns-users] ANY+Reflection Attacks?

Ciro Iriarte cyruspy at gmail.com
Wed Feb 25 02:30:15 UTC 2015


2015-02-24 17:49 GMT-03:00 Ciro Iriarte <cyruspy at gmail.com>:

> Hi! I'm seeing a lot of messages of type "Timeout from remote TCP client
> 10.XXX.XXX.XXX"; it seems to be an attack given we have "any-to-tcp = yes".
>
> Is this usual? Is there any way to identify the attackers? The service is
> working fine and we have in our roadmap constant packet capture for data
> mining, but I find this behaviour new/interesting today :)
>
> Any comments?
>
> Regards,
>
> --
> Ciro Iriarte
> http://iriarte.it
> --
>

Well, never mind. After all, those are legitimate clients and there seems
to be a firewall with connection tracking issues. What's unexpected to me
is having TCP requests; I was expecting only UDP traffic from end users.


Regards,

-- 
Ciro Iriarte
http://iriarte.it
--