pizzaseo.com
What's the cause of this anomaly:
I understand there are script kiddies probing servers for fun as well as professional criminals operating strictly for profit. What I'm seeing here is just a farce.
Mr. Francisco Dias, do you have any clues? I believe these are your subnets. Ping @Francisco
Comments
It's a very common DNS amplification domain that gets abused.
Sounds like 4.75 is an open resolver, will ping the user.
Francisco
But the host on the receiving end is not an open resolver, so why keep trying?
As Francisco said, commonly abused domain for DNS amplification due to its large RRSIG response size (>10k bytes)
It seems like you're possibly the target of an attack that uses this domain as the query.
Ah, makes sense. This looks more like an effort to obfuscate other traffic though, as there are all possible kinds of probing attempts: SIP, SNMP, LDAP, NTP, SSDP, STUN... The list goes on.
What's interesting is that it doesn't stop despite all of that being dropped upon arrival.
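
Added example, not part of the thread: a small tally of dropped UDP packets by the services named above, to see which probes dominate and which sources touch several services. It assumes iptables LOG-style lines; the sample lines are constructed with documentation addresses, and UDP source addresses can be spoofed, so the result is a count, not attribution.

```python
import re
from collections import Counter, defaultdict

# Well-known UDP ports for the services named in the thread, plus DNS itself.
UDP_SERVICES = {53: "DNS", 123: "NTP", 161: "SNMP", 389: "LDAP",
                1900: "SSDP", 3478: "STUN", 5060: "SIP"}

# Pulls SRC, PROTO and DPT out of an iptables LOG line (assumed log format).
LINE_RE = re.compile(r"SRC=(?P<src>\S+) .*?PROTO=(?P<proto>\S+) .*?DPT=(?P<dpt>\d+)")

def summarize(lines):
    """Return (packets per service, {source: services} for sources hitting >1 service)."""
    per_service = Counter()
    services_by_src = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["proto"] != "UDP":
            continue  # not a UDP drop record
        svc = UDP_SERVICES.get(int(m["dpt"]))
        if svc is None:
            continue  # port is not one of the services of interest
        per_service[svc] += 1
        services_by_src[m["src"]].add(svc)
    multi = {src: sorted(svcs) for src, svcs in services_by_src.items() if len(svcs) > 1}
    return per_service, multi

# Constructed sample log lines (RFC 5737 documentation ranges), not real traffic.
SAMPLE = [
    "IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 LEN=72 PROTO=UDP SPT=40211 DPT=53 LEN=52",
    "IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 LEN=72 PROTO=UDP SPT=40212 DPT=53 LEN=52",
    "IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 LEN=76 PROTO=UDP SPT=40213 DPT=123 LEN=56",
    "IN=eth0 OUT= SRC=192.0.2.44 DST=203.0.113.10 LEN=420 PROTO=UDP SPT=5071 DPT=5060 LEN=400",
    "IN=eth0 OUT= SRC=192.0.2.44 DST=203.0.113.10 LEN=130 PROTO=UDP SPT=5072 DPT=1900 LEN=110",
    "IN=eth0 OUT= SRC=192.0.2.44 DST=203.0.113.10 LEN=48 PROTO=UDP SPT=5073 DPT=3478 LEN=28",
    "IN=eth0 OUT= SRC=192.0.2.99 DST=203.0.113.10 LEN=71 PROTO=UDP SPT=33001 DPT=161 LEN=51",
    "IN=eth0 OUT= SRC=192.0.2.99 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=33002 DPT=22 WINDOW=1024",
    "IN=eth0 OUT= SRC=192.0.2.99 DST=203.0.113.10 LEN=80 PROTO=UDP SPT=33003 DPT=389 LEN=60",
    "IN=eth0 OUT= SRC=203.0.113.200 DST=203.0.113.10 LEN=72 PROTO=UDP SPT=1025 DPT=53 LEN=52",
]

if __name__ == "__main__":
    counts, multi_service_sources = summarize(SAMPLE)
    for svc, n in counts.most_common():
        print(f"{svc:5} {n}")
    for src, svcs in sorted(multi_service_sources.items()):
        print(f"{src} probed: {', '.join(svcs)}")
```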