What's the cause of this anomaly:

I understand there are script kiddies probing servers for fun as well as professional criminals operating strictly for profit. What I'm seeing here is just farce.

Mr. Francisco Dias, do you have any clues? I believe these are your subnets. Ping @Francisco


  • Francisco Top Host, Host Rep, Veteran

    It's a very common DNS amplification domain that gets abused.

    Sounds like 4.75 is an open resolver, will ping the user.


  • @Francisco said: It's a very common DNS amplification domain that gets abused.

    But the host on the receiving end is not an open resolver, why keep trying?

  • As Francisco said, commonly abused domain for DNS amplification due to its large RRSIG response size (>10k bytes)

    It seems like you're possibly the target of an attack that uses this domain as the query.

  • Ah, makes sense. This looks more like an effort to obfuscate other traffic though, as there are all possible kinds of probing attempts: SIP, SNMP, LDAP, NTP, SSDP, STUN... The list goes on.

    What's interesting is that it doesn't stop despite all of that being dropped upon arrival.
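
Added example, not posted by anyone in the thread: a small triage script that groups dropped UDP packets by source and by the services named above, to separate a source that keeps repeating one query type from a source that sweeps many services. It assumes netfilter-style LOG lines for the drops; the sample log, the addresses (documentation ranges), the `summarize` function and its threshold of 3 are all constructed for illustration.

```python
import re
from collections import defaultdict

# DNS plus the UDP services listed in the thread, keyed by standard port
# (LDAP here is connectionless LDAP on UDP 389).
REFLECTION_PORTS = {53: "DNS", 123: "NTP", 161: "SNMP", 389: "LDAP",
                    1900: "SSDP", 3478: "STUN", 5060: "SIP"}

# Matches source address and destination port of a dropped UDP packet.
LOG_RE = re.compile(r"SRC=(?P<src>\S+) .*?PROTO=UDP .*?DPT=(?P<dpt>\d+)")

# Constructed sample log (documentation address ranges, not real traffic).
_FMT = ("kernel: DROP IN=eth0 OUT= SRC={} DST=203.0.113.10 LEN=64 TTL=52 "
        "PROTO={} SPT=40211 DPT={} LEN=44")
SAMPLE_LOG = "\n".join(_FMT.format(*row) for row in [
    ("198.51.100.75", "UDP", 53), ("198.51.100.75", "UDP", 53),
    ("198.51.100.75", "UDP", 53),
    ("192.0.2.44", "UDP", 5060), ("192.0.2.44", "UDP", 161),
    ("192.0.2.44", "UDP", 389), ("192.0.2.44", "UDP", 1900),
    ("192.0.2.9", "TCP", 22),      # not UDP: ignored
    ("192.0.2.9", "UDP", 33434),   # not a listed service: ignored
])


def summarize(log_text, sweep_threshold=3):
    """Group dropped UDP packets by source and probed service.

    sweep_threshold is an assumed cut-off: a source touching at least that
    many distinct services is labelled a sweep, otherwise a repeat.
    """
    per_src = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        service = REFLECTION_PORTS.get(int(m["dpt"]))
        if service:
            per_src[m["src"]][service] += 1
    report = {}
    for src, services in per_src.items():
        kind = ("multi-service sweep" if len(services) >= sweep_threshold
                else "single-service repeat")
        report[src] = {"services": dict(services),
                       "packets": sum(services.values()), "kind": kind}
    return report


if __name__ == "__main__":
    # UDP sources can be spoofed, so SRC may be the victim, not the sender.
    for src, info in summarize(SAMPLE_LOG).items():
        print(src, info["kind"], info["services"])
```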
