[147004] in North American Network Operators' Group
Re: Recent DNS attacks from China?
daemon@ATHENA.MIT.EDU (david raistrick)
Wed Nov 30 12:44:34 2011
Date: Wed, 30 Nov 2011 12:42:29 -0500 (EST)
From: david raistrick <drais@icantclick.org>
To: Leland Vandervort <leland@taranta.discpro.org>
In-Reply-To: <02F7D865-8803-4662-818C-9332163730F1@taranta.discpro.org>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Wed, 30 Nov 2011, Leland Vandervort wrote:
> I am wondering if anyone else is seeing a sudden increase in DNS attacks emanating from chinese IP addresses? Over the past 24 hours we've seen a sudden rash of chinese IPs attacking our DNS servers in the order of 5 to 10 million PPS for periods of 5 to 10 mins, repeated every 20 to 30 minutes.
>
> This anomalous traffic started roughly 24 hours ago, and while we've had occasions of anomalous chinese traffic, never anything of this type.
That might explain akamai.net hostnames not resolving intermittently since
Tue Nov 29 20:20:02 2011 UTC...
I don't run any authoritative or exposed caches at the moment, and the aka
NXDOMAINs are the only thing we've been seeing dropouts on for the past
~48 hours, but we did see NXDOMAINs from a bunch of amazonaws hostnames
over the holidays...
--
david raistrick http://www.netmeister.org/news/learn2quote.html
drais@icantclick.org http://www.expita.com/nomime.html
