[Pdns-users] ANY+Reflection Attacks?
Ciro Iriarte
cyruspy at gmail.com
Wed Feb 25 17:34:09 UTC 2015
El feb 25, 2015 5:25 AM, "Michael Ströder" <michael at stroeder.com> escribió:
>
> Ciro Iriarte wrote:
> > 2015-02-24 17:49 GMT-03:00 Ciro Iriarte <cyruspy at gmail.com>:
> >
> >> Hi!, I'm seeing a lot of messages of type "Timeout from remote TCP
client
> >> 10.XXX.XXX.XXX", it seems to be an attack given we have "any-to-tcp =
yes".
> >>
> >> Is this usual?, is there anyway to identify the attackers?. The
service is
> >> working fine and we have in our roadmap constant packed capture for
data
> >> mining but I find this behaviour new/interesting today :)
> >>
> >> Any comments?
> >>
> >> Regards,
> >
> > Well, never mind. After all, those are legitimate clients and there
seems
> > to be a firewall with connection tracking issues. What's unexpected to
me
> > is having TCP requests, I was expecting only UDP traffic from end users.
>
> DNSSEC used?
>
> Ciao, Michael.
>
As far as I remember, pdns-recursor doesn't support DNSSEC.
Regards,
Ciro
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20150225/541d5937/attachment-0001.html>
More information about the Pdns-users
mailing list