Hi,
A DNS amplification attack usually means that you are seeing "a lot" of DNS responses for queries that did not originate from your device. (What is "a lot" depends on various factors, but one is the bandwidth of your connection.)
So if you captured "a lot" of these then it may be a DNS amplification attack.
It looks like this packet is coming from one of the GTLD servers for dot COM.
The source IPv4 address 192.43.172.30 is a match for i.gtld-servers.net
The packet could be forged but it looks legit.
Hope this helps.
Cheers,
JF
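
The check described in the answer above (responses for queries that did not originate from your device), as an added example that is not part of JF's answer: it pairs each port-53 response with a query the capturing host sent and tallies the responses left unmatched. The `LOCAL` address, the function names and the packet tuples are assumptions, and the sample packets are constructed.

```python
import struct

LOCAL = "10.0.0.5"  # assumption: address of the host the capture was taken on

def dns_header(payload):
    """Return (transaction_id, is_response) from a DNS message header."""
    txid, flags = struct.unpack("!HH", payload[:4])
    return txid, bool(flags & 0x8000)  # QR bit set means response

def unsolicited_responses(packets, local=LOCAL):
    """Match port-53 responses to queries sent by `local`.

    packets: (src_ip, src_port, dst_ip, dst_port, udp_payload) in capture order.
    Returns {server_ip: (count, bytes)} for responses with no matching query.
    """
    pending = set()  # (server_ip, client_port, txid) of queries awaiting an answer
    stats = {}
    for src, sport, dst, dport, payload in packets:
        if len(payload) < 12:  # shorter than a DNS header, skip
            continue
        txid, is_response = dns_header(payload)
        if not is_response and src == local and dport == 53:
            pending.add((dst, sport, txid))
        elif is_response and dst == local and sport == 53:
            key = (src, dport, txid)
            if key in pending:
                pending.discard(key)  # answered; a later duplicate is unsolicited
            else:
                count, size = stats.get(src, (0, 0))
                stats[src] = (count + 1, size + len(payload))
    return stats

def msg(txid, response, size):
    """Build a constructed DNS message of `size` bytes (header plus padding)."""
    flags = 0x8000 if response else 0x0100
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + b"\x00" * (size - 12)

# Constructed sample: one normal lookup, then three responses nobody asked for.
SAMPLE = [
    (LOCAL, 40000, "192.0.2.53", 53, msg(0x1234, False, 40)),
    ("192.0.2.53", 53, LOCAL, 40000, msg(0x1234, True, 120)),
    ("192.43.172.30", 53, LOCAL, 51000, msg(0x0001, True, 500)),
    ("192.43.172.30", 53, LOCAL, 51001, msg(0x0002, True, 500)),
    ("192.43.172.30", 53, LOCAL, 51002, msg(0x0003, True, 500)),
]

if __name__ == "__main__":
    for server, (count, size) in unsolicited_responses(SAMPLE).items():
        print(f"{server}: {count} unsolicited responses, {size} bytes")
```

The capture has to include the host's own outgoing queries; if it only contains inbound traffic, every response will appear unsolicited.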