Recent DNS attacks from China?

Chris Adams cmadams at hiwaay.net
Wed Nov 30 18:13:46 UTC 2011


Once upon a time, Leland Vandervort <leland at taranta.discpro.org> said:
> I am wondering if anyone else is seeing a sudden increase in DNS attacks emanating from Chinese IP addresses?  Over the past 24 hours we've seen a sudden rash of Chinese IPs attacking our DNS servers in the order of 5 to 10 million PPS for periods of 5 to 10 mins, repeated every 20 to 30 minutes.
> 
> This anomalous traffic started roughly 24 hours ago, and while we've had occasions of anomalous Chinese traffic, never anything of this type.

I'm seeing something similar.  The requests are to our authoritative
servers, and appear to be mostly for a small number of domains at a time
(they are all domains we are authoritative for).  They are all ANY
queries, often repeated for the same domain rapidly.  The requests come
from one IP at a time, but move to another IP in a minute or two.

This does NOT appear to be related to the recent BIND vulnerability.
-- 
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
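
An added example, not part of the original message or the list archive: one way to flag the pattern described above (rapidly repeated ANY queries for the same name from one source, with the source changing every minute or two) in an authoritative server's query log. The record layout (`epoch client_ip qname qtype`), the thresholds and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

def parse(line):
    """Split one 'epoch client_ip qname qtype' record (assumed layout)."""
    ts, ip, qname, qtype = line.split()
    return int(ts), ip, qname.lower().rstrip("."), qtype.upper()

def flag_any_bursts(lines, window=10, threshold=5):
    """Return {ip: [first_ts, last_ts, {qnames}]} for clients that sent at
    least `threshold` ANY queries for one name within `window` seconds."""
    recent = defaultdict(deque)      # (ip, qname) -> timestamps still in window
    flagged = {}
    for line in lines:
        ts, ip, qname, qtype = parse(line)
        if qtype != "ANY":
            continue
        q = recent[(ip, qname)]
        q.append(ts)
        while q and ts - q[0] >= window:   # drop timestamps outside the window
            q.popleft()
        if len(q) >= threshold:
            entry = flagged.setdefault(ip, [q[0], ts, set()])
            entry[1] = ts
            entry[2].add(qname)
    return flagged

def rotation(flagged):
    """Order flagged sources by first burst to expose the one-IP-at-a-time handover."""
    return [ip for ip, _ in sorted(flagged.items(), key=lambda kv: kv[1][0])]

def build_sample():
    """Constructed traffic: two sources take turns, plus one ordinary resolver."""
    lines = [f"{t} 203.0.113.10 example.com ANY" for t in range(0, 60)]
    lines += [f"{t} 203.0.113.77 example.com ANY" for t in range(70, 130)]
    lines += [f"{t} 198.51.100.5 example.com A" for t in range(0, 130, 5)]
    lines.append("40 198.51.100.5 example.com ANY")   # single ANY, not a burst
    return sorted(lines, key=lambda l: int(l.split()[0]))

if __name__ == "__main__":
    hits = flag_any_bursts(build_sample())
    for ip in rotation(hits):
        first, last, names = hits[ip]
        print(f"{ip} ANY burst {first}-{last}s names={sorted(names)}")
```
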
