nanog mailing list archives
RE: Recent DNS attacks from China?
From: <Rob.Vercouteren () kpn com>
Date: Wed, 30 Nov 2011 21:05:18 +0100
Yes it is, but the problem is that our servers are "attacking" the so-called source address. All the answers are going back to the "source". These are huge amplification attacks (some sort of smurf, if you want).

The IP addresses are spoofed (we did a capture and saw all different TTLs, so coming from behind different hops).

And yes, we saw the ANY queries for all the domains.

I still wonder how it is still possible that IP addresses can be spoofed nowadays.

Rob

============================

-----Original message-----
From: Matlock, Kenneth L [mailto:MatlockK () exempla org]
Sent: Wednesday 30 November 2011 19:57
To: Richard Barnes; andrew.wallace
CC: nanog () nanog org; Leland Vandervort
Subject: RE: Recent DNS attacks from China?

Except in this case it's a DNS attack, which implies UDP based and easily spoofed. The source IP may or may not actually be accurate.

Ken

________________________________

From: Richard Barnes [mailto:richard.barnes () gmail com]
Sent: Wed 11/30/2011 11:51 AM
To: andrew.wallace
Cc: nanog () nanog org; Leland Vandervort
Subject: Re: Recent DNS attacks from China?

An attack originating from somewhere indicates the presence of either an attacker or a compromised host. A particular density of either in a particular geographical area would seem like an interesting data point.

--Richard

On Wed, Nov 30, 2011 at 1:24 PM, andrew.wallace <andrew.wallace () rocketmail com> wrote:
Before we see knee-jerk conclusions about who to blame, these attacks could be carried out by anyone. Is country even relevant in the cyberscape? Andrew
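The capture check described in the message above (one claimed source address arriving with many different TTLs, sending mostly ANY queries), as an added example that is not part of the original thread or any poster's code. The record layout, the thresholds and the sample records are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample records (not from the thread):
# (claimed_src, ip_ttl, qtype, qname), using documentation address ranges.
SAMPLE = [
    ("198.51.100.7", 52, "ANY", "example.com"),
    ("198.51.100.7", 113, "ANY", "example.net"),
    ("198.51.100.7", 47, "ANY", "example.org"),
    ("198.51.100.7", 238, "ANY", "example.com"),
    ("198.51.100.7", 52, "ANY", "example.net"),
    ("203.0.113.20", 57, "A", "www.example.com"),
    ("203.0.113.20", 57, "AAAA", "www.example.com"),
    ("203.0.113.20", 57, "ANY", "example.com"),
    ("203.0.113.20", 57, "MX", "example.org"),
]

def suspected_spoofed_sources(records, min_queries=4, min_ttls=3, min_any_ratio=0.8):
    """Return {claimed_src: stats} for sources that look like reflection victims.

    Heuristic (assumed thresholds): a real host reaches the server over a mostly
    stable path, so its packets arrive with about one TTL. Many TTLs for one
    source, combined with mostly ANY queries, suggests the address is forged by
    senders sitting at different hop distances.
    """
    per_src = defaultdict(lambda: {"queries": 0, "any": 0, "ttls": set()})
    for src, ttl, qtype, _qname in records:
        s = per_src[src]
        s["queries"] += 1
        s["any"] += qtype.upper() == "ANY"
        s["ttls"].add(ttl)
    flagged = {}
    for src, s in per_src.items():
        any_ratio = s["any"] / s["queries"]
        if (s["queries"] >= min_queries and len(s["ttls"]) >= min_ttls
                and any_ratio >= min_any_ratio):
            flagged[src] = {"queries": s["queries"],
                            "distinct_ttls": len(s["ttls"]),
                            "any_ratio": round(any_ratio, 2)}
    return flagged

if __name__ == "__main__":
    for src, stats in suspected_spoofed_sources(SAMPLE).items():
        print(src, stats)
```

A flagged address is the likely target of the reflected answers, not the sender of the queries, so it is a candidate for response rate limiting rather than for blocking as an attacker.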