DNS Flood

Henry R. Linneweh linneweh at concentric.net
Thu Aug 12 20:30:37 UTC 1999


Resolved 199.108.32.203 to inspire3d.com
Resolved 216.15.178.201 to Lets.lepak.net
Resolved 129.180.11.17 to turing.une.edu.au
Unable to resolve 216.41.23.68
Netname: OEMGREEN
Netblock: 216.41.0.0 - 216.41.127.255
Maintainer: DHHC
Resolved 208.235.124.20 to cardassian.keysdigital.com
Unable to resolve 203.251.77
inetnum:     203.251.0.0 - 203.251.127.255
netname:    KORNET
descr:        Korea Telecom



"Jamie D." wrote:

> Are there any other ISPs who are experiencing DNS floods, specifically I am
> looking for traffic destined for (or coming from) the following IPs
>
> >>> 199.108.32.203
> >>> 216.15.178.201
> >>> 129.180.11.17
> >>> 216.41.23.68
> >>> 208.235.124.20
> >>> 203.251.77.1
>
> It appears someone is running a script that is using these nameservers, as
> well as the name servers of other educational facilities, to do a lookup on
> multiple servers in the amplitude of 3-4 a second.  This activity has been
> happening for the past 3 weeks, we have null routed this traffic on our
> backbone, but it still shows up in Cache flow.
>
> This traffic actually saturated our customer's pipe as well as increased the
> load on our backbone router.
>
> If anyone has seen anything at all like that, (specifically people from
> UU.net or AT&T Worldnet) please let's band together and find the person doing
> this.
>
> Thanks
> Jamie D.    | noc at cerf.net
> AT&T CERFnet| Network Analyst
> 1-888-237-3638 opt 2 opt 2




