[Unbound-users] Random subdomain flood query

battossai battossai at gmail.com
Tue Mar 31 15:04:07 UTC 2015


I think bloomfilter is help enough for this moment or perhaps the attacker
is turning off the activity.
Let see for tommorow.
On Mar 31, 2015 9:50 PM, "Stephane Bortzmeyer" <bortzmeyer at nic.fr> wrote:

> On Tue, Mar 31, 2015 at 11:34:09PM +0900,
>  DarkSoul <darksoul at darkbsd.org> wrote
>  a message of 53 lines which said:
>
> > Yes, these domains change quite often, unfortunately :(
> > This is an attack called water torture.
>
> Actually, no. I've seen very often the "water torture" or "random
> qnames" attack and it is the first time I see in the wild such a rapid
> change of the suffix.
>
> https://blog.secure64.com/?p=377
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20150331/6ee1c61c/attachment.htm>


More information about the Unbound-users mailing list