Recent DNS attacks from China?

Richard Barnes richard.barnes at gmail.com
Wed Nov 30 18:51:21 UTC 2011


An attack originating from somewhere indicates the presence of either
an attacker or a compromised host.  A particular density of either in
a particular geographical area would seem like an interesting data
point.

--Richard

On Wed, Nov 30, 2011 at 1:24 PM, andrew.wallace
<andrew.wallace at rocketmail.com> wrote:
> Before we see knee-jerk conclusions about who to blame, these attacks could be carried out by anyone.
>
>
> Is country even relevant in the cyberscape?
>
>
> Andrew
>
>
>
> ________________________________
>  From: Leland Vandervort <leland at taranta.discpro.org>
> To: nanog at nanog.org
> Cc: Leland Vandervort <leland at taranta.discpro.org>
> Sent: Wednesday, November 30, 2011 4:32 PM
> Subject: Recent DNS attacks from China?
>
>
> Hi All,
>
> I am wondering if anyone else is seeing a sudden increase in DNS attacks emanating from chinese IP addresses?  Over the past 24 hours we've seen a sudden rash of chinese IPs attacking our DNS servers in the order of 5 to 10 million PPS for periods of 5 to 10 mins, repeated every 20 to 30 minutes.
>
> This anomalous traffic started roughly 24 hours ago, and while we've had occasions of anomalous chinese traffic, never anything of this type.
>
> Anyone else?
>
>
> Regards,
>
>
> Leland




More information about the NANOG mailing list