DNS DDoS Host list
Andrew Fried
andrew.fried at gmail.com
Mon Jan 26 17:48:50 UTC 2009
Based on the logs from the past 48 hours, here are the hosts that appear
to be under attack. The count field reflects the individual number of
"'./NS/IN' denied" log entries that appeared in my logs. Note that the
stats for 206.71.158.30 are under-reported due to the fact that I
blackholed that address last night, however packet captures reveal that
I'm no longer seeing spoofed packets targeting that address.
+----------------+-------------+
| host | count(host) |
+----------------+-------------+
| 10.168.69.6 | 18 |
| 202.104.106.49 | 84 |
| 206.71.158.30 | 34327 |
| 210.21.218.138 | 84 |
| 63.217.28.226 | 2696 |
| 66.230.160.1 | 3541 |
| 76.9.16.171 | 1355 |
+----------------+-------------+
--
Andrew Fried
andrew.fried at gmail.com
More information about the NANOG
mailing list