[147012] in North American Network Operators' Group
Re: Recent DNS attacks from China?
daemon@ATHENA.MIT.EDU (Richard Barnes)
Wed Nov 30 13:52:24 2011
In-Reply-To: <1322677461.68582.YahooMailNeo@web162104.mail.bf1.yahoo.com>
Date: Wed, 30 Nov 2011 13:51:21 -0500
From: Richard Barnes <richard.barnes@gmail.com>
To: "andrew.wallace" <andrew.wallace@rocketmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>,
Leland Vandervort <leland@taranta.discpro.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
An attack originating from somewhere indicates the presence of either
an attacker or a compromised host. A particular density of either in
a particular geographical area would seem like an interesting data
point.
--Richard
On Wed, Nov 30, 2011 at 1:24 PM, andrew.wallace
<andrew.wallace@rocketmail.com> wrote:
> Before we see knee-jerk conclusions about who to blame, these attacks could be carried out by anyone.
>
>
> Is country even relevant in the cyberscape?
>
>
> Andrew
>
>
>
> ________________________________
> From: Leland Vandervort <leland@taranta.discpro.org>
> To: nanog@nanog.org
> Cc: Leland Vandervort <leland@taranta.discpro.org>
> Sent: Wednesday, November 30, 2011 4:32 PM
> Subject: Recent DNS attacks from China?
>
>
> Hi All,
>
> I am wondering if anyone else is seeing a sudden increase in DNS attacks emanating from Chinese IP addresses? Over the past 24 hours we've seen a sudden rash of Chinese IPs attacking our DNS servers in the order of 5 to 10 million PPS for periods of 5 to 10 mins, repeated every 20 to 30 minutes.
>
> This anomalous traffic started roughly 24 hours ago, and while we've had occasions of anomalous Chinese traffic, never anything of this type.
>
> Anyone else?
>
>
> Regards,
>
>
> Leland