nanog mailing list archives
Re: Recent DNS attacks from China?
From: Chris Adams <cmadams () hiwaay net>
Date: Wed, 30 Nov 2011 12:13:46 -0600
Once upon a time, Leland Vandervort <leland () taranta discpro org> said:
I am wondering if anyone else is seeing a sudden increase in DNS attacks emanating from chinese IP addresses? Over the past 24 hours we've seen a sudden rash of chinese IPs attacking our DNS servers in the order of 5 to 10 million PPS for periods of 5 to 10 mins, repeated every 20 to 30 minutes. This anomalous traffic started roughly 24 hours ago, and while we've had occasions of anomalous chinese traffic, never anything of this type.
I'm seeing something similar. The requests are to our authoritative servers, and appear to be mostly for a small number of domains at a time (they are all domains we are authoritative for). They are all ANY queries, often repeated for the same domain rapidly. The requests come from one IP at a time, but move to another IP in a minute or two. This does NOT appear to be related to the recent BIND vulnerability. -- Chris Adams <cmadams () hiwaay net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
Current thread:
- Recent DNS attacks from China? Leland Vandervort (Nov 30)
- Re: Recent DNS attacks from China? david raistrick (Nov 30)
- Re: Recent DNS attacks from China? Chris Adams (Nov 30)
- Re: Recent DNS attacks from China? andrew.wallace (Nov 30)
- Re: Recent DNS attacks from China? Valdis . Kletnieks (Nov 30)
- Re: Recent DNS attacks from China? Richard Barnes (Nov 30)
- RE: Recent DNS attacks from China? Matlock, Kenneth L (Nov 30)
- RE: Recent DNS attacks from China? Rob.Vercouteren (Nov 30)
- RE: Recent DNS attacks from China? Drew Weaver (Nov 30)
- <Possible follow-ups>
- Re: Recent DNS attacks from China? Rob.Vercouteren (Nov 30)
- Re: Recent DNS attacks from China? -Hammer- (Nov 30)
- Re: Recent DNS attacks from China? David Conrad (Nov 30)
- Re: Recent DNS attacks from China? -Hammer- (Nov 30)
- Re: Recent DNS attacks from China? -Hammer- (Nov 30)