Observation of DNS Amplification Attack (bls.gov)
bls.gov's ANY becomes huge size because of DNSSEC. It is abused as DDoS.
$ dig @::1 bls.gov any ;; Truncated, retrying in TCP mode. ; <<>> DiG 9.8.5-P1 <<>> @::1 bls.gov any ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19603 ;; flags: qr rd ra; QUERY: 1, ANSWER: 18, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;bls.gov. IN ANY ;; ANSWER SECTION: bls.gov. 86142 IN SOA dcgate.bls.gov. blsdnsadmins.bls.gov. 2010042644 1800 300 604800 86400 bls.gov. 86142 IN RRSIG SOA 7 2 86400 20131026030030 20131019020030 4712 bls.gov. YeBVU1Ek4HocfJsCDiy5qFe9hCEtnaLGQ/jaX7NgXLsvJ6An1cw5yKLA Tb6fj+ZiOr9dWggrVSeZlzVLHonSv4EUjpLen2fXH1fyaOd9M4SpNk7W /5s+kORqNTLGmn9ubT+EIph8BzTlJ9+FWTjnAZjSJd9CniPVXMuShjL0 5A4s7fQVcvU7mNC0XKFiGrQFW9iiEH/zHAGHbG6nHDBaWzoDBey3Qgwq ojem7dspFWwedki0gXY4neOLMgXM5Ci/8LpXwy3zPIAXyqxTIzTq42yn E2gHBVONRx3auQbI9REYD1f1JZVo1WFzMdalOD0JMHhl9BOICrbmaqFQ 3QHaYQ== bls.gov. 86142 IN MX 50 blsmail1.bls.gov. bls.gov. 86142 IN MX 10 blsmail.bls.gov. bls.gov. 86142 IN RRSIG MX 7 2 86400 20131026030030 20131019020030 4712 bls.gov. F63OMdDdiUBDY6E3a5g/X1VTm6tBLdQ7OJOshZMpn+ei5GBztYNJZuxT 83QSFMUpgKtq56u9WltrZJJTUfTojFfMosARO/cPaNVQEQPwt4xesXJy e0Rx4m9rhFD1z34AqAoeLod6HanRjhkuizkk6M/MNPmejYJTN4IvyVFC 80TnG6IP6+l/O8jUwvUDGqZh/7mK7+V1+/hY8rZclOTXZB+x+St5N661 YLug66TbssrGgwHUwheFn0s+YVQczdF4eAt1Zk1aCVzuQBq6B2MSe1Al MYs38qXS4h0VO3pxs91M8PTsYCac0JBrvjVG2wPySJOeW9kaNVyCWToQ E9ZPuA== bls.gov. 86142 IN A 146.142.4.22 bls.gov. 86142 IN RRSIG A 7 2 86400 20131026030030 20131019020030 4712 bls.gov. lTrxdXwGbM6at8ZONnHvKBPM5ieNbk6nRzCnvkRUL0E8Pig/y4B2LV6S QBhdwX5dEvn36YcACnWRSrcCBg/eu9Sr1up8M+2AL21m5p0TB8sc26qw xXZw9ugFcum5XbqgdXnCUuX72mmPorD02JpfnjOJMXbx3hb51mjCK/gc PxWZxFfjmPzZ5IXnGcuve3fiAZI4IK0gvuV9tq2vfSF2V/eRFbuqzY+7 tr2KUVczCANIVfcR6P/t/8C7RN2LgnYGMly6MLxjF3EbBl1OKEMxPmyI uumtFakMyoAO1krWykyVtQGYN6Oe+0fFGv3qTmzbWConfYxiUy/Zg/fj hCB3qQ== bls.gov. 86142 IN NS auth111.ns.uu.net. bls.gov. 86142 IN NS auth120.ns.uu.net. bls.gov. 86142 IN RRSIG NS 7 2 86400 20131026030030 20131019020030 4712 bls.gov. JAtfq6M0Gk0pmzbivyqCZ3e5eOqJrBvMi6cxu/+3b8UEpR4OHy7zLG80 XyrudTz1fZnpLOt0mPVaXLg9PnwDYP47RtNFPzQBP2aYKqQFIwhiSfbG qRtczWGLJOMXRhbLpHOUEiDx3ST/dZH/SNxVFB9h0VkZSpsvxRIo4HYD H55V0O2HthpM4RrFRzyVxwKQN37e4nRC6i03D0krEEekPwFysfe4oWEl g2yHAPicSDDzvtxDDYhcSk3MPPW3FWhVB6xCbRNkpMu9cpnLAwpbzr76 GVSf5gaY+AXK1SS1G6mAxOOqSvlNLSfhmR0Upj8/YAXSD42e5WmVitZK IoYmeg== bls.gov. 86142 IN NSEC3PARAM 1 0 12 AABBCCDD bls.gov. 86142 IN RRSIG NSEC3PARAM 7 2 86400 20131026030030 20131019020030 4712 bls.gov. WUyPQJrp4pxtNpIikv41yy3NxFg34+z6OEokuHenn7Vq8iqKPasSEf0F gCfSSdnV3ccKvXyfkedbl6wbME+JDLZytFYuoHf1aHDTm7tB2Enl6sc4 +EmC6z3sWkCxQl6fPCxcb4Qu4pEJ4UuIexcJqir24FyWkYEQkfEbESMG loiLvbW4YA89YUOMxXq9HBGGRWL3O0SJ3zqDzB03vFGzwSCoQ1sPSU4k RQiX4S8XstZVcj/4ZkUf+2Ys00FyzbfL31dZ3uEaFjojbP65ZU/2hFBT znLXcwXH3HPkw515jZ2+4ggsEWvev527rbeXHCETsnrvCOpMOuoYvcV1 T6TcRw== bls.gov. 86142 IN DNSKEY 257 3 7 AwEAAW7hTguez7A5q9hJHYUC2bm7HMlm4DKUxDYmEtx0ZAgdfkBDxEUQ tQEnjq5ffDGbNhT589xTEC7Z7LGpv4My8RL/+YHTwT7zLee+C1GJlfXw iItgB+lL3VKgD7YpSk7N355volXPv2nxB+LvxdEYHvuIpqUVhPKd6g7f juX/0R9aHMElX0zdiQdIIi+z9WoX9OTpbmAVD80PwZj5CqTviSBxv5Lr zZgC9PtJmJGDNRUL+i7ydL9czf2xjBVP1NvENvvrTCY5qUqZPTVde3KQ TQ75E4dcxu+KMpeEt/2jdAmrv2d+vcBvKN/2oKUtKRpQkAYqWbuHLoR1 +rLVWsKBhkE= bls.gov. 86142 IN DNSKEY 256 3 7 AwEAAWywfaLAmSpwAZal8y596M4jap8ioz+VQoaCYkR4yRknpKN7bSKx ZFTGCjPSaZbsM6RlMgSDOeRZdHdqrWyM2Qq6DVaiIlTK09YsyCK7WNd6 io4uNVGbjEo4Q6OM7iZmoDb/Em3Ymzz/CCRmik/qj9ayoko+FT2m0uYO k0LNzy4wYx2oiSx8HlkZGMItbfYQisNeW9XQG4wvQ7sTIEaySpZmCeFs 6quXEZsxE/jelTvT/xseSNSGRWfE1xFd+ln+LnNFyrFfEApMwjMkw9qf R3vMJMISgi75QnL2U/bCvHqAdxLP6JjN11FzH8wYWJ2eIkmcLAJ4y296 uA+8kacdZzc= bls.gov. 86142 IN DNSKEY 257 3 7 AwEAAYXURbzbBOatX1IZP/EsK8UpQRoFPZAuiqSSIE7JukxTpwukpPXB jCfLIsA059mSGkKFEaemeON8T9grMFjNjMl5EoDDuphmjI/6M9y1nPfI YcRould729Rsiw0HvOtN5YtMfbQ6beBhxxnF9mgvZ+TDhf3sRy4SFHws 7E1OT0NvGO1zbph7FnYgi09GZ/XK4CZHyXiQ3R8vv1r5PzIRQrK4xyS8 Kp128ozD0Wj7R1VolN3ZJ+tJWUYnXJe2S0CXRdZYQrPHK/AD3T6xjXee TlOSvLrpWdQtmlrnPsAQ/vuDKqAW0SqvBTjR2JNcaghwXorMgLt78fhm wBnerfn2QTk= bls.gov. 86142 IN DNSKEY 256 3 7 AwEAAafkOJX8jrccDObq1UmhKjSiaija4Be5fsbcQ+4RhBVZmaoO+jii EAmPJO/r26b4sYGRQ1f9t6W9UkMt53O6rkxQdWjag5EEpXs2XUmGic2z OYSS8IaIftikJFlulcgBsNyMFxunWG6epdjyfP6DOCrgI6X4ibtnJSbJ vfHVN1VlV/LkBSmxXQhcOnG/6Whv8iSkbNku77sSosjnQACULoPT96Sj dF/Pe1ar9cULJcx+QIvE8sazb6anEPZUqWwYbul3Co0rNV6WPMM1Q7Bn kJgS0490tJ+2xfmoyViELCGUJdhy+HAu7L6dvbUnlb9ZAcp79tAGfB8n y455crDim/M= bls.gov. 86142 IN RRSIG DNSKEY 7 2 86400 20131026030030 20131019020030 4712 bls.gov. Sos3YBlFv6m058FZYcCy8QF5GAZ9m+WwiKkxPv43jFYvbQfsoTJbakkK yaHu9ontB/QyjSG1B0PNA97RX5H8hvWFxw0fs6p0xd/Nj6Xngmk9IKRI cKOzZKwR40gwGdo5nGG/60Y0ZET/S7SjJ4XNtTziqi7nNs90UQ5TpEIm CrGPw+QcNJqBhKuMf33b+lbC3XBlpyjRL8H+1+1kDEL9lRZZKdYjqb5U xn0YZI0mbhMw3KaPESS0bDkK2dlT0VyXHYG3HlsdrEMsAW4Q6AJb0Xmg RWxXllP8HiVUDWrUdt/5GAK2WCRiYEo7JlFmmC2dgDuKaPFWVzOGlpsk s27+zA== bls.gov. 86142 IN RRSIG DNSKEY 7 2 86400 20131026030030 20131019020030 16984 bls.gov. MsZL7LnRanWiQLaGeXlwKu6wLumnZulErb4CisJQk6aretIpNiKzmLT4 JfuKfyYlnYp6cYai9KjPeKbAq31ARubNnEQiLzCgMUGqjpXOLUfJE3LB ZDIccgC+P+XwEjgiELLF0SCQ4HMy+O1OAKOpFtMKEeQkxBqygVu7+0ll LHvzfo5s2MWAeEbZ+BTsaWc/HD5PqGSeihyEHPr4Tm3CJZvrRXSJji9e OH6+TQWr7nBWpvZ9EQoNp0ErYt628Bc379YWlUdzyr3J8WGzHA9A6mhM 3K4Rg2sfiAnpzGB2gvA/6pDChSy5gOunn4gzoQPNHVTfPS2/i/zNAxg8 9GRnSw== ;; Query time: 1 msec ;; SERVER: ::1#53(::1) ;; WHEN: Sat Oct 19 22:02:51 JST 2013 ;; MSG SIZE rcvd: 3389
