[75577] in North American Network Operators' Group
Re: DDoS attacks...?
daemon@ATHENA.MIT.EDU (Matthew Sullivan)
Wed Nov 17 00:01:51 2004
Date: Wed, 17 Nov 2004 15:00:31 +1000
From: Matthew Sullivan <matthew@sorbs.net>
In-reply-to: <419A740D.1060002@sorbs.net>
Cc: nanog <nanog@merit.edu>
Errors-To: owner-nanog-outgoing@merit.edu
As a followup for those interested:
Matthew Sullivan wrote:
> Can people make a quick check the for DDoS attacks on 209.220.100.158
> in the last 12 hours (to 00:00 17th Nov 2004 GMT+0) - I am trying to
> get the exact time it appeared to occur, however I suspect it was in
> the time period of 13:00-14:00 16th Nov 2004 GMT+0 which coincided
> with the SORBS primary network dropping out of the global routing
> table (I don't have a clue as to why that happened either - it's being
> investigated). (I have a suspicion that there was no DDoS attack and
> as the IP hosts NS1.SORBS.NET I'm guessing that when the primary NS
> for SORBS.NET dropped of the face of the earth the resulting increase
> in traffic came as a bit of a shock for the network admin/owner).
Turns out the 'DDoS' was in actual fact not a deliberate DDoS and was
indeed excessive DNS queries all going to the same host due to problems
with a global routing table update/corruption last night (localtime).
Regards,
Mat
