DNS deluge for x.p.ctrc.cc

Gadi Evron ge at linuxbox.org
Fri Feb 24 18:19:18 UTC 2006


Estes, Paul wrote:
> Actually, what we are seeing does not appear to be an amplification
> attack. It appears to be a request flood from infected machines.
> 
> We have anti-spoofing filters on our upstream connections as well as our
> subscribers' access lines. The source addresses are not spoofed. They
> are valid subscriber source IPs.
> 
> Based on some cached entries I have found in other nameservers, CTRC.CC
> was apparently hacked and was delegating a number of subdomains to
> another nameserver that was issuing the 4K TXT record. The delegation
> has now been removed, and the nameserver they were delegated to appears
> to be offline.

Do they all happen to be connecting to one outside IP address? :)
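
An added example, not part of the original thread: one way to triage a resolver query log for the flood described above, counting queries under ctrc.cc per client and separating valid subscriber sources from anything else. The log layout, sample lines, subscriber prefixes and threshold are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in a BIND-style query log layout (assumed format).
SAMPLE_LOG = """\
24-Feb-2006 18:01:02.101 client 192.0.2.10#1025: query: x.p.ctrc.cc IN TXT +
24-Feb-2006 18:01:02.105 client 192.0.2.10#1026: query: x.p.ctrc.cc IN TXT +
24-Feb-2006 18:01:02.110 client 192.0.2.10#1027: query: X.P.CTRC.CC. IN TXT +
24-Feb-2006 18:01:02.200 client 192.0.2.77#4000: query: www.example.com IN A +
24-Feb-2006 18:01:02.300 client 198.51.100.5#2000: query: x.p.ctrc.cc IN TXT +
24-Feb-2006 18:01:02.400 client 203.0.113.9#3000: query: x.p.ctrc.cc IN TXT +
24-Feb-2006 18:01:02.410 client 203.0.113.9#3001: query: notctrc.cc IN A +
"""

# Hypothetical subscriber address space; replace with the real prefixes.
SUBSCRIBER_NETS = [ipaddress.ip_network("192.0.2.0/24"),
                   ipaddress.ip_network("198.51.100.0/24")]

LINE_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)")

def under_zone(qname, zone):
    """True if qname is the zone or a subdomain of it (label-boundary match)."""
    q = qname.lower().rstrip(".")
    z = zone.lower().rstrip(".")
    return q == z or q.endswith("." + z)

def triage(log_text, zone="ctrc.cc", threshold=2):
    """Count queries under `zone` per client, split by subscriber vs. other source."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and under_zone(m.group("qname"), zone):
            counts[ipaddress.ip_address(m.group("ip"))] += 1
    report = {"subscribers": {}, "outside": {}}
    for ip, n in counts.items():
        inside = any(ip in net for net in SUBSCRIBER_NETS)
        # With anti-spoofing filters in place, "outside" should stay empty.
        report["subscribers" if inside else "outside"][str(ip)] = n
    # Subscribers at or above the threshold are candidates for cleanup notices.
    report["flagged"] = sorted(
        ip for ip, n in report["subscribers"].items() if n >= threshold)
    return report

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```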


