{"draft":"draft-ietf-dnsop-as112-under-attack-help-help-06","doc_id":"RFC6305","title":"I'm Being Attacked by PRISONER.IANA.ORG!","authors":["J. Abley","W. Maton"],"format":["ASCII","HTML"],"page_count":"8","pub_status":"INFORMATIONAL","status":"INFORMATIONAL","source":"Domain Name System Operations","abstract":"Many sites connected to the Internet make use of IPv4 addresses that\r\nare not globally unique.  Examples are the addresses designated in\r\nRFC 1918 for private use within individual sites.\r\n\r\nHosts should never normally send DNS reverse-mapping queries for\r\nthose addresses on the public Internet.  However, such queries are\r\nfrequently observed.  Authoritative servers are deployed to provide\r\nauthoritative answers to such queries as part of a loosely\r\ncoordinated effort known as the AS112 project.\r\n\r\nSince queries sent to AS112 servers are usually not intentional, the\r\nreplies received back from those servers are typically unexpected.\r\nUnexpected inbound traffic can trigger alarms on intrusion detection\r\nsystems and firewalls, and operators of such systems often mistakenly\r\nbelieve that they are being attacked.\r\n\r\nThis document provides background information and technical advice to\r\nthose firewall operators.  This document is not an Internet Standards Track \r\nspecification; it is published for informational purposes.","pub_date":"July 2011","keywords":[],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC6305","errata_url":null}