DNS DDoS

Andrew Fried andrew.fried at gmail.com
Wed Jan 28 16:07:20 UTC 2009 

Targeted victims, beginning 28-Jan-2009, as seen from my DNS server. 
GeoIP data for top two sites also below:

+----------------+-------------+------------+
| host           | count(host) | Percentage |
+----------------+-------------+------------+
| 202.104.106.49 |          51 |     0.1109 |
| 210.21.218.138 |          51 |     0.1109 |
| 64.57.246.123  |        3561 |     7.7421 |
| 64.57.246.146  |       29530 |    64.2026 |
| 67.192.144.0   |         991 |     2.1546 |
| 70.86.80.98    |       11276 |    24.5157 |
| 76.9.16.171    |         535 |     1.1632 |
+----------------+-------------+------------+

GeoIP Location Information for IP: 64.57.246.146
    Located in: Suwanee, GA (US)
    Latitude: 34.0535
    Longitude: -84.0659
    Area Code: 770
    Postal Code: 30024

ARIN information for: 64.57.246.146
    DNS PTR Record:   
    Registrar:         arin
    ASN Number:        AS20141
    Country:           US
    Ip Starting Block: 64.57.240.0
    IP Ending Block:   64.57.255.255
    IP Block Size:     4096
    Date Registered:   20051012
    Block Status:      allocated

BGP Peering Information for ASN20141:

PEER_AS | IP               | BGP Prefix          | CC | Registry |
Allocated  | AS Name
6983    | 64.57.246.146    | 64.57.240.0/20      | US | arin     |
2005-10-12 | ITCDELTA - ITC^Deltacom
14745   | 64.57.246.146    | 64.57.240.0/20      | US | arin     |
2005-10-12 | INTERNAP-BLOCK-4 - Internap Network Services Corporation




GeoIP Location Information for IP: 70.86.80.98
    Located in: Houston, TX (US)
    Latitude: 29.7523
    Longitude: -95.3670
    Area Code: 713
    Postal Code: 77002

ARIN information for: 70.86.80.98
    DNS PTR Record:    62.50.5646.static.theplanet.com.
    Registrar:         arin
    ASN Number:        AS21844
    Country:           US
    Ip Starting Block: 70.84.0.0
    IP Ending Block:   70.87.255.255
    IP Block Size:     262144
    Date Registered:   20040729
    Block Status:      allocated

BGP Peering Information for ASN21844:

PEER_AS | IP               | BGP Prefix          | CC | Registry |
Allocated  | AS Name
2914    | 70.86.80.98      | 70.84.0.0/14        | US | arin     |
2004-07-29 | NTT-COMMUNICATIONS-2914 - NTT America, Inc.
3356    | 70.86.80.98      | 70.84.0.0/14        | US | arin     |
2004-07-29 | LEVEL3 Level 3 Communications
3549    | 70.86.80.98      | 70.84.0.0/14        | US | arin     |
2004-07-29 | GBLX Global Crossing Ltd.
4565    | 70.86.80.98      | 70.84.0.0/14        | US | arin     |
2004-07-29 | MEGAPATH2-US - MegaPath Networks Inc.
6461    | 70.86.80.98      | 70.84.0.0/14        | US | arin     |
2004-07-29 | MFNX MFN - Metromedia Fiber Network

-- 
Andrew Fried
andrew.fried at gmail.com

More information about the NANOG mailing list