nanog mailing list archives
Re: DNS Amplification attack?
From: "Raoul Bhatia [IPAX]" <r.bhatia () ipax at>
Date: Tue, 20 Jan 2009 23:43:04 +0100
hi, On 20.01.2009 21:54, Wil Schultz wrote:
http://isc.sans.org/diary.html?storyid=5713 I'm seeing them coming from the following addresses in my ns server logs. 69.50.142.110 69.50.142.11 76.9.16.171 66.230.128.15 66.230.160.1
counting 319149 denied queries for './NS/IN' since 2008-01-01, i see roughly 96% "coming" from those ips:
1071 216.240.131.173 1183 74.86.34.144 3397 216.201.83.2 4526 216.201.82.19 13568 66.230.128.15 15487 69.50.142.110 17689 66.230.160.1 21987 69.50.137.175 52392 76.9.16.171 72591 76.9.31.42 113548 69.50.142.11
so "yes" :) please also see another thread titled "isprime DOS in progress". cheers, raoul -- ____________________________________________________________________ DI (FH) Raoul Bhatia M.Sc. email. r.bhatia () ipax at Technischer Leiter IPAX - Aloy Bhatia Hava OEG web. http://www.ipax.at Barawitzkagasse 10/2/2/11 email. office () ipax at 1190 Wien tel. +43 1 3670030 FN 277995t HG Wien fax. +43 1 3670030 15 ____________________________________________________________________
Current thread:
- DNS Amplification attack? Wil Schultz (Jan 20)
- Re: DNS Amplification attack? Raoul Bhatia [IPAX] (Jan 20)
- Re: DNS Amplification attack? David W. Hankins (Jan 20)
- Re: DNS Amplification attack? Mark Andrews (Jan 20)
- Re: DNS Amplification attack? David Coulthart (Jan 21)
- Re: DNS Amplification attack? Kameron Gasso (Jan 20)
- Re: DNS Amplification attack? Christopher Morrow (Jan 20)
- Re: DNS Amplification attack? Kameron Gasso (Jan 20)
- Re: DNS Amplification attack? Christopher Morrow (Jan 20)
- Re: DNS Amplification attack? Chris Adams (Jan 20)
- Re: DNS Amplification attack? Stuart Henderson (Jan 21)
- Re: DNS Amplification attack? Christopher Morrow (Jan 20)
- <Possible follow-ups>
- Re: DNS Amplification attack? jay (Jan 20)