nanog mailing list archives
Re: DNS noise
From: Michael Sinatra <michael () rancid berkeley edu>
Date: Fri, 06 Apr 2012 10:51:50 -0700
On 04/06/12 10:47, Keegan Holley wrote:
Have you tried contacting the owner of the IP? A DDOS attack from that particular IP would be ironic. # # The following results may also be obtained via: # http://whois.arin.net/rest/nets;q=72.20.23.24?showDetails=true&showARIN=false&ext=netref2 # Staminus Communications STAMINUS-COMMUNICATIONS (NET-72-20-0-0-1) 72.20.0.0 - 72.20.63.255 DDOSWIZ.COM STAMINUS-COMMUNICATIONS (NET-72-20-23-0-1) 72.20.23.0 - 72.20.23.63
If it's an attempt at a reflective DNS-based DDoS attack, then the source IP address making the query is likely spoofed. The IP address in question is really the target, not the source of the attack.
That is, of course, if this is a standard reflective DDoS attack. michael
Current thread:
- DNS noise Nathan Eisenberg (Apr 06)
- Re: DNS noise Keegan Holley (Apr 06)
- Re: DNS noise Michael Sinatra (Apr 06)
- Re: DNS noise PC (Apr 06)
- Re: DNS noise Jimmy Hess (Apr 06)
- Re: DNS noise Nick Hilliard (Apr 06)
- Re: DNS noise Jimmy Hess (Apr 06)
- Re: DNS noise David Conrad (Apr 06)
- Re: DNS noise Jimmy Hess (Apr 06)
- Re: DNS noise David Conrad (Apr 06)
- Re: DNS noise Jared Mauch (Apr 06)
- Re: DNS noise Jimmy Hess (Apr 06)
- Re: DNS noise Keegan Holley (Apr 06)
- <Possible follow-ups>
- Re: DNS noise Joe St Sauver (Apr 06)