DNS requests from 209.67.50.203

• Previous message (by thread): DNS requests from 209.67.50.203
• Next message (by thread): multiple origin ASes
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

John Kristoff wrote:
> 
> On a university list many sites are reporting large amounts of traffic
> appearing to come from 209.67.50.203 to their DNS servers.  The
> administrator of the source IP (spoofed of course) is the victim of a
> brutal DoS attack.  The traffic is UDP/DNS queries that are appear to be
> going directly to available DNS servers (as opposed to random hosts).
> Most sites are reporting on the order of 6 or more packets per second to
> their DNS servers.  The victim has apparently seen upwards of 90 Mb/s of
> traffic coming back in to them.  Does anyone here have anymore
> information on this attack?

In general, this attack method is known. There is some information 
about it documented at:

  Denial of Service Attacks Using Nameservers
  http://www.cert.org/incident_notes/IN-2000-04.html

Regards,
Kevin

• Previous message (by thread): DNS requests from 209.67.50.203
• Next message (by thread): multiple origin ASes
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]