Security Incidents mailing list archives

Two more UDP DNS DDoS victims seemingly detected


From: Glenn Forbes Fleming Larratt <glratt () IO COM>
Date: Tue, 16 Jan 2001 11:46:00 -0600

Jan 16 10:02:52 udp 63.144.121.251(1024) -> our.net.DNS.srv(53), 1 packet
Jan 16 10:04:28 udp 63.144.121.251(1024) -> our.net.DNS.srv(53), 1 packet

Jan 16 10:06:12 udp 203.111.116.10(881) -> our.net.DNS.srv(53), 1 packet
Jan 16 10:06:30 udp 203.111.116.10(883) -> our.net.DNS.srv(53), 1 packet

        When examined with Ethereal, *both* of these repeated (rate of 2
        per second) sets of queries were the exact same lookup, every
        single time:

64.56.5.168.in-addr.arpa: type PTR, class inet

        Both of these IPs are now blocked at our border.

                -g

--
Glenn Forbes Fleming Larratt         The Lab Ratt (not briggs :-)
glratt () io com                        http://www.io.com/~glratt
There are imaginary bugs to chase in heaven.
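
The pattern the message describes (one source repeating the exact same question at a steady rate) can be checked mechanically. The following is an added example, not part of the original post: it assumes query records of the form (epoch seconds, source IP, query name, query type) exported from a packet capture, and the function name, thresholds and sample timings are all constructed for illustration.

```python
from collections import Counter, defaultdict

def find_repeaters(records, min_count=10, min_share=0.9, min_rate=1.0):
    """Flag sources whose traffic is dominated by one repeated DNS question.

    records: iterable of (epoch_seconds, src_ip, qname, qtype).
    Returns {src_ip: (qname, qtype, count, queries_per_second)}.
    Thresholds are illustrative assumptions, not values from the post.
    """
    by_src = defaultdict(list)
    for ts, src, qname, qtype in records:
        # Normalise case and the trailing root dot so identical questions match.
        by_src[src].append((float(ts), qname.lower().rstrip("."), qtype.upper()))

    flagged = {}
    for src, rows in by_src.items():
        questions = Counter((q, t) for _, q, t in rows)
        (qname, qtype), count = questions.most_common(1)[0]
        # Skip sources with too few repeats or a varied query mix.
        if count < min_count or count / len(rows) < min_share:
            continue
        times = sorted(ts for ts, q, t in rows if (q, t) == (qname, qtype))
        span = times[-1] - times[0]
        rate = (count - 1) / span if span > 0 else float("inf")
        if rate >= min_rate:
            flagged[src] = (qname, qtype, count, round(rate, 2))
    return flagged

def sample_records():
    # Constructed sample: the two sources and the PTR name from the post,
    # spaced 0.5 s apart to match the reported rate of 2 per second, plus a
    # constructed resolver (192.0.2.53) with an ordinary mix of lookups.
    ptr = "64.56.5.168.in-addr.arpa"
    recs = [(1000 + 0.5 * i, "63.144.121.251", ptr, "PTR") for i in range(20)]
    recs += [(1000 + 0.5 * i, "203.111.116.10", ptr + ".", "ptr") for i in range(20)]
    names = ["www.example.com", "mail.example.org", "ns1.example.net", "example.com"]
    recs += [(1000 + 3 * i, "192.0.2.53", names[i % 4], "A") for i in range(12)]
    return recs

if __name__ == "__main__":
    for src, hit in sorted(find_repeaters(sample_records()).items()):
        print(src, *hit)
```
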

