[147010] in North American Network Operators' Group
Re: Recent DNS attacks from China?
daemon@ATHENA.MIT.EDU (andrew.wallace)
Wed Nov 30 13:25:31 2011
Date: Wed, 30 Nov 2011 10:24:21 -0800 (PST)
From: "andrew.wallace" <andrew.wallace@rocketmail.com>
To: Leland Vandervort <leland@taranta.discpro.org>
In-Reply-To: <02F7D865-8803-4662-818C-9332163730F1@taranta.discpro.org>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Reply-To: "andrew.wallace" <andrew.wallace@rocketmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Before we see knee-jerk conclusions about who to blame, these attacks could=
be carried out by anyone. =0A=0A=0AIs country even relevant in the cybersc=
ape?=0A=0A=0AAndrew=0A=0A=0A=0A________________________________=0A From: Le=
land Vandervort <leland@taranta.discpro.org>=0ATo: nanog@nanog.org =0ACc: L=
eland Vandervort <leland@taranta.discpro.org> =0ASent: Wednesday, November =
30, 2011 4:32 PM=0ASubject: Recent DNS attacks from China?=0A =0A=0AHi All,=
=0A=0AI am wondering if anyone else is seeing a sudden increase in DNS att=
acks emanating from chinese IP addresses?=A0 Over the past 24 hours we've s=
een a sudden rash of chinese IPs attacking our DNS servers in the order of =
5 to 10 million PPS for periods of 5 to 10 mins, repeated every 20 to 30 mi=
nutes.=0A=0AThis anomalous traffic started roughly 24 hours ago, and while =
we've had occasions of anomalous chinese traffic, never anything of this ty=
pe.=0A=0AAnyone else?=0A=0A=0ARegards, =0A=0A=0ALeland
