[Pdns-users] ANY+Reflection Attacks?
Michael Ströder
michael at stroeder.com
Wed Feb 25 08:25:21 UTC 2015
Ciro Iriarte wrote:
> 2015-02-24 17:49 GMT-03:00 Ciro Iriarte <cyruspy at gmail.com>:
>
>> Hi!, I'm seeing a lot of messages of type "Timeout from remote TCP client
>> 10.XXX.XXX.XXX", it seems to be an attack given we have "any-to-tcp = yes".
>>
>> Is this usual?, is there anyway to identify the attackers?. The service is
>> working fine and we have in our roadmap constant packed capture for data
>> mining but I find this behaviour new/interesting today :)
>>
>> Any comments?
>>
>> Regards,
>
> Well, never mind. After all, those are legitimate clients and there seems
> to be a firewall with connection tracking issues. What's unexpected to me
> is having TCP requests, I was expecting only UDP traffic from end users.
DNSSEC used?
Ciao, Michael.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4252 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20150225/f5af65af/attachment-0001.bin>
More information about the Pdns-users
mailing list