DNS requests from 209.67.50.203

Mailman List Mirror (Read Only)
1

Yes, it's a DDoS attack, of the type that Vern Paxson has dubbed
"refletor attacks". You send a forged DNS query to a DNS server; it
sends its reply to the victim. Then you have lots of hosts around the
net doing this, but banging on different DNS servers.

    --Steve Bellovin

2

A good way to reduce this is to turn off recursion for
people not on your network for your dns server. This is fairly easy
to do with bind8/bind9.

  - Jared