Recent DNS attacks from China?

Rob.Vercouteren at kpn.com
Wed Nov 30 20:05:18 UTC 2011


Yes it is, but the problem is that our servers are "attacking" the so-called source address. All the answers are going back to the "source". These are huge amplification attacks (some sort of smurf, if you want).
The IP addresses are spoofed (we did a capture and saw all different TTLs, so coming from behind different hops).
And yes, we saw the ANY queries for all the domains.

I still wonder how it is still possible that IP addresses can be spoofed nowadays.

Rob

============================

-----Original message-----
From: Matlock, Kenneth L [mailto:MatlockK at exempla.org]
Sent: Wednesday 30 November 2011 19:57
To: Richard Barnes; andrew.wallace
CC: nanog at nanog.org; Leland Vandervort
Subject: RE: Recent DNS attacks from China?

Except in this case it's a DNS attack, which implies UDP-based and easily spoofed. The source IP may or may not actually be accurate.
 
Ken

________________________________

From: Richard Barnes [mailto:richard.barnes at gmail.com]
Sent: Wed 11/30/2011 11:51 AM
To: andrew.wallace
Cc: nanog at nanog.org; Leland Vandervort
Subject: Re: Recent DNS attacks from China?



An attack originating from somewhere indicates the presence of either
an attacker or a compromised host.  A particular density of either in
a particular geographical area would seem like an interesting data
point.

--Richard

On Wed, Nov 30, 2011 at 1:24 PM, andrew.wallace
<andrew.wallace at rocketmail.com> wrote:
> Before we see knee-jerk conclusions about who to blame, these attacks could be carried out by anyone.
>
>
> Is country even relevant in the cyberscape?
>
>
> Andrew
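
The pattern described at the top of this message (ANY queries that all claim one source address but arrive with many different TTLs) can be checked against a capture summary. This is an added example, not part of the original thread; the record layout, the thresholds and every sample value are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records (not from the thread's capture):
# (claimed source IP, IP TTL seen at the server, query type, query name)
SAMPLE = [
    ("192.0.2.10", 52, "ANY", "example.com"),
    ("192.0.2.10", 47, "ANY", "example.net"),
    ("192.0.2.10", 113, "ANY", "example.org"),
    ("192.0.2.10", 240, "ANY", "example.com"),
    ("192.0.2.10", 56, "ANY", "example.net"),
    ("192.0.2.10", 49, "ANY", "example.org"),
    ("198.51.100.7", 57, "A", "example.com"),
    ("198.51.100.7", 57, "MX", "example.com"),
    ("198.51.100.7", 57, "AAAA", "example.net"),
    ("198.51.100.7", 57, "A", "example.org"),
    ("198.51.100.7", 57, "ANY", "example.org"),
    ("203.0.113.5", 60, "ANY", "example.com"),
    ("203.0.113.5", 60, "ANY", "example.com"),
    ("203.0.113.5", 60, "ANY", "example.net"),
    ("203.0.113.5", 60, "ANY", "example.net"),
    ("203.0.113.5", 60, "ANY", "example.org"),
]

def likely_reflection_targets(records, min_queries=5, min_any_ratio=0.8, min_ttls=3):
    """Return stats for claimed sources that match the spoofed-ANY pattern.

    Thresholds are illustrative assumptions; tune them against real traffic.
    """
    stats = defaultdict(lambda: {"queries": 0, "any": 0, "ttls": set()})
    for src, ttl, qtype, _qname in records:
        entry = stats[src]
        entry["queries"] += 1
        entry["any"] += qtype.upper() == "ANY"
        entry["ttls"].add(ttl)
    flagged = {}
    for src, e in stats.items():
        any_ratio = e["any"] / e["queries"]
        # One real host on a stable path arrives with (nearly) one TTL; many
        # distinct TTLs under one address suggest several true origins.
        if e["queries"] >= min_queries and any_ratio >= min_any_ratio and len(e["ttls"]) >= min_ttls:
            flagged[src] = {"queries": e["queries"], "any_ratio": any_ratio,
                            "distinct_ttls": len(e["ttls"])}
    return flagged

if __name__ == "__main__":
    for src, info in likely_reflection_targets(SAMPLE).items():
        print(src, info)
```

An address flagged here is the one receiving the amplified answers, so it is a candidate for response rate limiting rather than an indication of where the queries really came from.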

