DNS DDoS Host list

Andrew Fried andrew.fried at gmail.com
Mon Jan 26 11:48:50 CST 2009


Based on the logs from the past 48 hours, here are the hosts that appear
to be under attack.  The count field reflects the individual number of
"'./NS/IN' denied" log entries that appeared in my logs.  Note that the
stats for 206.71.158.30 are under-reported due to the fact that I
blackholed that address last night, however packet captures reveal that
I'm no longer seeing spoofed packets targeting that address.

+----------------+-------------+
| host           | count(host) |
+----------------+-------------+
| 10.168.69.6    |          18 |
| 202.104.106.49 |          84 |
| 206.71.158.30  |       34327 |
| 210.21.218.138 |          84 |
| 63.217.28.226  |        2696 |
| 66.230.160.1   |        3541 |
| 76.9.16.171    |        1355 |
+----------------+-------------+

-- 
Andrew Fried
andrew.fried at gmail.com





More information about the NANOG mailing list