Security Incidents mailing list archives
Two more UDP DNS DDoS victims seemingly detected
From: Glenn Forbes Fleming Larratt <glratt () IO COM>
Date: Tue, 16 Jan 2001 11:46:00 -0600
Jan 16 10:02:52 udp 63.144.121.251(1024) -> our.net.DNS.srv(53), 1 packet
Jan 16 10:04:28 udp 63.144.121.251(1024) -> our.net.DNS.srv(53), 1 packet

Jan 16 10:06:12 udp 203.111.116.10(881) -> our.net.DNS.srv(53), 1 packet
Jan 16 10:06:30 udp 203.111.116.10(883) -> our.net.DNS.srv(53), 1 packet

When examined with Ethereal, *both* of these repeated (rate of 2 per second)
sets of queries were the exact same lookup, every single time:

64.56.5.168.in-addr.arpa: type PTR, class inet

Both of these IPs are now blocked at our border.

-g

--
Glenn Forbes Fleming Larratt
The Lab Ratt (not briggs :-)
glratt () io com
http://www.io.com/~glratt
There are imaginary bugs to chase in heaven.
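An added example, not part of the original post: one way to parse border log lines in the format quoted above and group UDP traffic to port 53 by claimed source address, so that repeat sources stand out. The function names and the `min_entries` threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

# The four log lines quoted in the message above, in the format as posted.
SAMPLE_LOG = """\
Jan 16 10:02:52 udp 63.144.121.251(1024) -> our.net.DNS.srv(53), 1 packet
Jan 16 10:04:28 udp 63.144.121.251(1024) -> our.net.DNS.srv(53), 1 packet
Jan 16 10:06:12 udp 203.111.116.10(881) -> our.net.DNS.srv(53), 1 packet
Jan 16 10:06:30 udp 203.111.116.10(883) -> our.net.DNS.srv(53), 1 packet
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<proto>\w+) "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\((?P<sport>\d+)\) -> "
    r"(?P<dst>[^\s(]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?$"
)

def parse_line(line):
    """Return one log entry as a dict, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "count"):
        rec[key] = int(rec[key])
    return rec

def summarize_dns_sources(log_text):
    """Aggregate UDP entries aimed at port 53 by claimed source address."""
    stats = defaultdict(lambda: {"entries": 0, "packets": 0, "sports": set(),
                                 "first": None, "last": None})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["proto"] != "udp" or rec["dport"] != 53:
            continue
        s = stats[rec["src"]]
        s["entries"] += 1
        s["packets"] += rec["count"]
        s["sports"].add(rec["sport"])
        s["first"] = s["first"] or rec["ts"]   # assumes the log is in time order
        s["last"] = rec["ts"]
    return dict(stats)

def repeat_sources(log_text, min_entries=2):
    """Sources seen at least min_entries times (threshold is an assumption)."""
    summary = summarize_dns_sources(log_text)
    return sorted(src for src, s in summary.items() if s["entries"] >= min_entries)

if __name__ == "__main__":
    for src, s in summarize_dns_sources(SAMPLE_LOG).items():
        print(src, s["entries"], sorted(s["sports"]), s["first"], s["last"])
```

The log lines alone do not show the query name; confirming that every packet carries the same PTR lookup still needs a packet capture, as the post describes.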