Resolved! Find the source for "DNS amplification attack response"
Hello, We receive many "DNS amplification attack response" alerts with the source of our internal DNS servers toward public DNS servers on the Internet. How can we know whether these alerts are not false positives and if they are true positive, how to find the main endpoint responsible for this type of attack? Thank you all 🙂




