
SANS ISC: Packets wanted, DNS DDOS attacks - SANS Internet Storm Center SANS ISC InfoSec Forums


Packets wanted, DNS DDOS attacks

Jim posted earlier in the week (https://isc.sans.edu/diary.html?storyid=13387) regarding a BIND 9 vulnerability. Whilst possibly unrelated, we've had a report regarding a few million DNS responses with static IDs being sent to an organisation.

If you have something similar happening and you are in a position to capture some packets, we'd appreciate it if you could upload some for us to have a look at. Especially if they all have the same ID number.

Mark  

ISC Handler
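An added example, not part of the original post or any ISC tooling: one way to check a capture for the pattern described above, DNS responses that all carry the same ID. It assumes a classic microsecond pcap file with untagged Ethernet/IPv4 framing; the function names and the sample capture are constructed for illustration.

```python
import struct
from collections import Counter

def dns_response_ids(pcap: bytes) -> Counter:
    """Tally DNS transaction IDs of UDP source-port-53 responses in a classic pcap."""
    magic = pcap[:4]
    if magic not in (b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\xc3\xd4"):
        raise ValueError("not a classic microsecond pcap file")
    endian = "<" if magic == b"\xd4\xc3\xb2\xa1" else ">"
    ids, off = Counter(), 24                      # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from(endian + "I", pcap, off + 8)[0]
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if (len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17
                or struct.unpack_from("!H", frame, 20)[0] & 0x1FFF):
            continue                              # not IPv4/UDP, or a later fragment
        ihl = (frame[14] & 0x0F) * 4              # IPv4 header length in bytes
        udp = frame[14 + ihl:]
        if len(udp) < 20:                         # UDP header (8) + DNS header (12)
            continue
        sport = struct.unpack_from("!H", udp, 0)[0]
        txid, flags = struct.unpack_from("!HH", udp, 8)
        if sport == 53 and flags & 0x8000:        # QR bit set: this is a response
            ids[txid] += 1
    return ids

def static_id_share(ids: Counter) -> tuple:
    """Return (most common ID, fraction of all responses that carry it)."""
    if not ids:
        return (None, 0.0)
    txid, n = ids.most_common(1)[0]
    return (txid, n / sum(ids.values()))

def _frame(txid: int, sport: int = 53, flags: int = 0x8180) -> bytes:
    """Constructed sample: minimal Ethernet/IPv4/UDP frame with a bare DNS header."""
    dns = struct.pack("!HHHHHH", txid, flags, 0, 0, 0, 0)
    udp = struct.pack("!HHHH", sport, 40000, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return b"\x00" * 12 + b"\x08\x00" + ip + udp

def sample_pcap() -> bytes:
    """Constructed capture: 9 responses with ID 0x1234, 1 with 0xBEEF, 1 query."""
    frames = [_frame(0x1234)] * 9 + [_frame(0xBEEF), _frame(0x1234, 40000, 0x0100)]
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
```

Legitimate resolver traffic spreads responses across many IDs, so a single ID accounting for nearly all responses in `static_id_share` is the signal worth reporting alongside the capture.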
This doesn't sound like an exploit for CVE-2012-1667 at all. More likely it is the victim end of some variant of the DDoS amplification attack described at https://isc.sans.edu/diary/DNS+ANY+Request+Cannon+-+Need+More+Packets/13261
Anonymous
