
SANS ISC: Packets wanted, DNS DDOS attacks SANS ISC InfoSec Forums


Jim posted earlier in the week regarding a BIND 9 vulnerability. Whilst possibly unrelated, we've had a report regarding a few million DNS responses with static IDs being sent to an organisation.

If you have something similar happening and you are in a position to capture some packets, we'd appreciate it if you could upload some for us to have a look at. Especially if they all have the same ID number.



392 Posts
ISC Handler
Jun 8th 2012
This doesn't sound like an exploit for CVE-2012-1667 at all. More likely it is the victim end of some variant of the DDoS amplification attack described at
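For anyone checking their own capture for the pattern the diary asks about, here is an added example (not part of the original post or comment) that tallies the transaction IDs of inbound DNS responses which match no query the site sent. It assumes the UDP payloads have already been extracted from the capture; the function names, the thresholds and the sample traffic are constructed for illustration.

```python
import struct
from collections import Counter

def parse_dns_header(payload: bytes):
    """Return (txid, is_response) from a raw DNS message, or None if too short."""
    if len(payload) < 12:               # the fixed DNS header is 12 bytes (RFC 1035)
        return None
    txid, flags = struct.unpack("!HH", payload[:4])
    return txid, bool(flags & 0x8000)   # QR bit set means response

def static_id_report(packets, sent_queries=(), min_responses=5, threshold=0.9):
    """packets: iterable of (src_ip, udp_payload) seen inbound.
    sent_queries: transaction IDs our resolvers actually sent (assumed known).
    Flags the capture when one ID dominates the unsolicited responses."""
    outstanding = set(sent_queries)
    ids, sources = Counter(), set()
    for src, payload in packets:
        hdr = parse_dns_header(payload)
        if hdr is None or not hdr[1]:
            continue                    # skip truncated datagrams and queries
        txid = hdr[0]
        if txid in outstanding:
            outstanding.discard(txid)   # answer to a query we sent
            continue
        ids[txid] += 1
        sources.add(src)
    total = sum(ids.values())
    top_id, top_count = ids.most_common(1)[0] if ids else (None, 0)
    share = top_count / total if total else 0.0
    return {"unsolicited": total, "top_id": top_id, "top_share": share,
            "distinct_sources": len(sources),
            "static_id": total >= min_responses and share >= threshold}

def _msg(txid, response):
    # Constructed sample message: header plus one question (example.com, A, IN).
    flags = 0x8180 if response else 0x0100
    question = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + question

# Constructed sample traffic using documentation addresses, not data from the report.
SAMPLE = ([("192.0.2.%d" % i, _msg(0x1234, True)) for i in range(1, 21)]
          + [("198.51.100.7", _msg(0xBEEF, True)),   # answer to our own query
             ("203.0.113.9", _msg(0x0042, False)),   # an inbound query
             ("203.0.113.9", b"\x00\x01")])          # truncated datagram

if __name__ == "__main__":
    print(static_id_report(SAMPLE, sent_queries=[0xBEEF]))
```
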
