DNS Flood

Henry R. Linneweh linneweh at concentric.net
Thu Aug 12 20:30:37 UTC 1999

Resolved to inspire3d.com
Resolved to Lets.lepak.net
Resolved to turing.une.edu.au
Unable to resolve
Netblock: -
Maintainer: DHHC
Resolved to cardassian.keysdigital.com
Unable to resolve 203.251.77
inetnum: -
netname:    KORNET
descr:        Korea Telecom

"Jamie D." wrote:

> Are there any other ISP's who are experiencing DNS floods, specifically I am
> looking for traffic destined for (or coming from) the following IPs
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> It appears someone is running a script that is using these nameservers, as
> well as the name servers of other educational facilities, to do a lookup on
> mulitple servers in the amplitude of 3-4 a second.  This activity has been
> happening for the past 3 weeks, we have null routed this traffic on our
> backbone, but it still shows up in Cache flow.
> This traffic actually saturated our customer's pipe as well as increased the
> load on our backbone router.
> If anyone has seen anything at all like that, (specifically people from
> UU.net or AT&T Worldnet) please lets band together and find the person doing
> this.
> Thanks
> Jamie D.    | noc at cerf.net
> AT&T CERFnet| Network Analyst
> 1-888-237-3638 opt 2 opt 2

More information about the NANOG mailing list