[111014] in North American Network Operators' Group
DNS DDoS Host list
daemon@ATHENA.MIT.EDU (Andrew Fried)
Mon Jan 26 12:49:07 2009
Date: Mon, 26 Jan 2009 12:48:50 -0500
From: Andrew Fried <andrew.fried@gmail.com>
To: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
Based on the logs from the past 48 hours, here are the hosts that appear
to be under attack. The count field reflects the individual number of
"'./NS/IN' denied" log entries that appeared in my logs. Note that the
stats for 206.71.158.30 are under-reported due to the fact that I
blackholed that address last night, however packet captures reveal that
I'm no longer seeing spoofed packets targeting that address.
+----------------+-------------+
| host | count(host) |
+----------------+-------------+
| 10.168.69.6 | 18 |
| 202.104.106.49 | 84 |
| 206.71.158.30 | 34327 |
| 210.21.218.138 | 84 |
| 63.217.28.226 | 2696 |
| 66.230.160.1 | 3541 |
| 76.9.16.171 | 1355 |
+----------------+-------------+
--
Andrew Fried
andrew.fried@gmail.com
