Packets wanted, DNS DDOS attacks

Published: 2012-06-08
Last Updated: 2012-06-08 02:56:31 UTC
by Mark Hofman (Version: 1)
1 comment(s)

Jim posted earlier in the week ( regarding a bind 9 vulnerability.  Whilst possibly unrelated we've had a report regarding a few million DNS responses with static IDs being sent to an organisation.

If you have something similar happening and you are in a position to capture some packets we'd appreciate it if you could upload some for us to have a look at.  Especially of they all have the same ID number.  


1 comment(s)


This doesn't sound like an exploit for CVE-2012-1667 at all. More likely it is the victim end of some variant of the DDoS
amplification attack described at

Diary Archives