[110847] in North American Network Operators' Group
Re: DNS Amplification attack?
daemon@ATHENA.MIT.EDU (Raoul Bhatia [IPAX])
Tue Jan 20 17:43:15 2009
Date: Tue, 20 Jan 2009 23:43:04 +0100
From: "Raoul Bhatia [IPAX]" <r.bhatia@ipax.at>
To: Wil Schultz <wschultz@bsdboy.com>
In-Reply-To: <86A39458-2A2B-45D7-8968-811AAFF422A8@bsdboy.com>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
hi,
On 20.01.2009 21:54, Wil Schultz wrote:
> http://isc.sans.org/diary.html?storyid=5713
>
> I'm seeing them coming from the following addresses in my ns server logs.
>
> 69.50.142.110
> 69.50.142.11
> 76.9.16.171
> 66.230.128.15
> 66.230.160.1
counting 319149 denied queries for './NS/IN' since 2008-01-01, i see
roughly 96% "coming" from those ips:
> 1071 216.240.131.173
> 1183 74.86.34.144
> 3397 216.201.83.2
> 4526 216.201.82.19
> 13568 66.230.128.15
> 15487 69.50.142.110
> 17689 66.230.160.1
> 21987 69.50.137.175
> 52392 76.9.16.171
> 72591 76.9.31.42
> 113548 69.50.142.11
so "yes" :)
please also see another thread titled "isprime DOS in progress".
cheers,
raoul
--
____________________________________________________________________
DI (FH) Raoul Bhatia M.Sc. email. r.bhatia@ipax.at
Technischer Leiter
IPAX - Aloy Bhatia Hava OEG web. http://www.ipax.at
Barawitzkagasse 10/2/2/11 email. office@ipax.at
1190 Wien tel. +43 1 3670030
FN 277995t HG Wien fax. +43 1 3670030 15
____________________________________________________________________
