DNS deluge for x.p.ctrc.cc
Gadi Evron
ge at linuxbox.org
Fri Feb 24 18:19:18 UTC 2006
Estes, Paul wrote:
> Actually, what we are seeing does not appear to be an amplification
> attack. It appears to be a request flood from infected machines.
>
> We have anti-spoofing filters on our upstream connections as well as our
> subscribers' access lines. The source addresses are not spoofed. They
> are valid subscriber source IPs.
>
> Based on some cached entries I have found in other nameservers, CTRC.CC
> was apparently hacked and was delegating a number of subdomains to
> another nameserver that was issuing the 4K TXT record. The delegation
> has now been removed, and the nameserver they were delegated to appears
> to be offline.
Do they all happen to be connecting to one outside IP address? :)
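
The check asked about above, as an added example that is not part of the original thread: it takes the clients querying names under the zone and ranks outside IP addresses by how many of those clients contacted them. The log formats, addresses, the subscriber prefix and the function names are all assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample data, not taken from the thread.
# Query log: "client qname qtype". Flow records: "src dst dport".
QUERY_LOG = """\
10.1.0.11 x.p.ctrc.cc. TXT
10.1.0.12 X.P.CTRC.CC TXT
10.1.0.13 x.p.ctrc.cc TXT
10.1.0.11 x.p.ctrc.cc TXT
10.1.0.14 www.example.com A
"""
FLOWS = """\
10.1.0.11 192.0.2.50 6667
10.1.0.12 192.0.2.50 6667
10.1.0.13 192.0.2.50 6667
10.1.0.11 198.51.100.7 80
10.1.0.14 198.51.100.7 80
10.1.0.12 10.1.0.2 53
"""
SUBSCRIBER_NET = ipaddress.ip_network("10.1.0.0/16")  # assumed address plan

def flooding_clients(query_log, zone, min_queries=1):
    """Return clients that queried any name at or below `zone`."""
    zone = zone.lower().rstrip(".")
    hits = Counter()
    for line in query_log.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines
        client, qname, _qtype = fields
        qname = qname.lower().rstrip(".")  # DNS names are case-insensitive
        if qname == zone or qname.endswith("." + zone):
            hits[client] += 1
    return {c for c, n in hits.items() if n >= min_queries}

def shared_outside_peers(flows, suspects):
    """Rank outside IPs by the share of suspect clients that contacted them."""
    by_dst = defaultdict(set)
    for line in flows.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue
        src, dst, _port = fields
        if ipaddress.ip_address(dst) in SUBSCRIBER_NET:
            continue  # internal peer, e.g. the local resolver
        by_dst[dst].add(src)
    rows = [(dst, len(srcs & suspects) / len(suspects) if suspects else 0.0,
             len(srcs - suspects)) for dst, srcs in by_dst.items()]
    # Highest suspect share first, then fewest unrelated clients.
    return sorted(rows, key=lambda r: (-r[1], r[2], r[0]))
```

An outside address with a share near 1.0 and few unrelated clients is the one worth investigating first; popular sites also score a high share but show many unrelated clients.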