[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

DNS Amplification attack?

Subject: DNS Amplification attack?
From: r.bhatia at ipax.at (Raoul Bhatia [IPAX])
Date: Tue, 20 Jan 2009 23:43:04 +0100
In-reply-to: <[email protected]>
References: <[email protected]>

hi,

On 20.01.2009 21:54, Wil Schultz wrote:
> http://isc.sans.org/diary.html?storyid=5713
>
> I'm seeing them coming from the following addresses in my ns server logs.
>
> 69.50.142.110
> 69.50.142.11
> 76.9.16.171
> 66.230.128.15
> 66.230.160.1

counting 319149 denied queries for './NS/IN' since 2008-01-01, i see
roughly 96% "coming" from those ips:

>    1071 216.240.131.173
>    1183 74.86.34.144
>    3397 216.201.83.2
>    4526 216.201.82.19
>   13568 66.230.128.15
>   15487 69.50.142.110
>   17689 66.230.160.1
>   21987 69.50.137.175
>   52392 76.9.16.171
>   72591 76.9.31.42
>  113548 69.50.142.11

so "yes" :)

please also see another thread titled "isprime DOS in progress".

cheers,
raoul
-- 
____________________________________________________________________
DI (FH) Raoul Bhatia M.Sc.          email.          r.bhatia at ipax.at
Technischer Leiter

IPAX - Aloy Bhatia Hava OEG         web.          http://www.ipax.at
Barawitzkagasse 10/2/2/11           email.            office at ipax.at
1190 Wien                           tel.               +43 1 3670030
FN 277995t HG Wien                  fax.            +43 1 3670030 15
____________________________________________________________________

References:
- DNS Amplification attack?
  - From: wschultz at bsdboy.com (Wil Schultz)

Prev by Date: isprime DOS in progress
Next by Date: DNS Amplification attack?
Previous by thread: DNS Amplification attack?
Next by thread: DNS Amplification attack?
Index(es):
- Date
- Thread