nanog mailing list archives
Re: anycast and ddos
From: Rodney Joffe <rjoffe () centergate com>
Date: Sun, 08 May 2005 09:15:03 -0700
At 01:38 AM 07-05-05 +0000, Christopher L. Morrow wrote:I scanned my Telescope report of 3,382 spoofed DDOS attacks last week (May 1-7) and could not find any listed for 216.168.229.0/24, worldnic.com, netsol.com or AS6245. -Hankworldnic.com. 86400 IN NS ns1.netsol.com. worldnic.com. 86400 IN NS ns2.netsol.com. worldnic.com. 86400 IN NS ns3.netsol.com. ;; ADDITIONAL SECTION: ns1.netsol.com. 86400 IN A 216.168.229.228 ns2.netsol.com. 86400 IN A 216.168.229.229 ns3.netsol.com. 86400 IN A 216.168.229.229
I believe the issues (reported on NANOG specifically) related to ns*.worldnic.com (seemingly ns1 through ns100.worldnic.com) which seem to be mostly related to 216.168.225.0/24 with some smatterings in 216.168.228.0/24. Some examination during the event, and since then, would indicate that traceroutes to these /24s result in endpoints that are in the same location, apparently in the DC area. Anycast would not seem to be involved. It further seems that these nameservers are used primarily by customers of their bundled with a domain name dns offering, with minimal cost. There are in excess of 300,000 domains that point to ns*.worldnic.net as being authoritative, that I have been able to identify so far. It seems that a large number of domain name registrants might have been affected, although many were unaware. And I assume that it is obvious that this is all "Network Solutions", the Registrar Business, as distinct from the now completely unrelated company, Verisign, the Registry Operator. Rodney Joffe CenterGate Research Group, LLC http://www.centergate.com "Technology so advanced, even WE don't understand it"(R)
Current thread:
- anycast and ddos Randy Bush (May 06)
- Re: anycast and ddos Patrick W. Gilmore (May 06)
- Re: anycast and ddos Christopher L. Morrow (May 06)
- Re: anycast and ddos Randy Bush (May 07)
- Re: anycast and ddos Randy Bush (May 07)
- Re: anycast and ddos Christopher L. Morrow (May 07)
- NetSol disaster (was Re: anycast and ddos) Randy Bush (May 07)
- Re: anycast and ddos Randy Bush (May 07)
- Message not available
- Re: anycast and ddos Hank Nussbacher (May 08)
- Re: anycast and ddos Rodney Joffe (May 08)
- Re: anycast and ddos Hank Nussbacher (May 08)
- Re: anycast and ddos Hank Nussbacher (May 08)
- <Possible follow-ups>
- Re: anycast and ddos Fergie (Paul Ferguson) (May 06)
- Re: anycast and ddos Kim Onnel (May 06)
- Re: anycast and ddos Christopher L. Morrow (May 06)
- Re: anycast and ddos Sean Donelan (May 06)
- Re: anycast and ddos Christopher L. Morrow (May 06)
- Re: anycast and ddos Kim Onnel (May 06)