Open Resolvers pseudo Honey Pot (Was: Open Resolver Problems)
Alain Hebert
ahebert at pubnix.net
Thu May 9 17:14:42 UTC 2013
( Ok, ok, another bad customer =D )
Starting today at 5h15m EST...
There is a bigger than usual DDoS amplification against the IP's
listed below.
Granted root servers query is barely 1k while the usual isc.org is
3.5k and this is a "possible" 15Mbps from this one source but still :(
PS:
If you're a Tier and wish to track down the *^%$*#@ source ISP's to
explain to them the joy of BCP38...
Contact me off list, from your corporate email address, and I'll
provide you with the IP of that server.
----- IP are targeted for DDoS amplification.
Format:
<IP>
<query count during 10 seconds> [query]
94.23.42.215
2128 . IN ANY +E
208.98.25.130
3079 . IN ANY +E
188.134.46.102
2639 . IN ANY +E
108.61.239.105
2270 . IN ANY +E
95.129.166.186
2416 . IN ANY +E
176.9.210.53
2839 . IN ANY +E
145.53.65.130
2326 . IN ANY +E
99.198.100.86
1223 . IN ANY +E
37.59.72.74
2508 . IN ANY +E
199.83.133.42
2392 . IN ANY +E
74.63.248.210
1481 . IN ANY +E
173.199.68.62
1178 . IN ANY +E
82.80.17.4
2666 . IN ANY +E
188.162.228.50
1075 . IN ANY +E
79.225.4.183
1014 . IN ANY +E
78.108.79.171
1291 . IN ANY +E
31.53.123.192
1093 . IN ANY +E
90.3.194.151
1245 . IN ANY +E
27.50.70.191
1304 . IN ANY +E
198.7.63.39
1579 . IN ANY +E
81.220.28.129
1103 . IN ANY +E
198.105.218.12
1110 . IN ANY +E
86.160.85.37
1128 . IN ANY +E
184.95.35.194
1237 . IN ANY +E
134.255.237.244
1245 . IN ANY +E
178.32.36.67
1588 . IN ANY +E
204.45.55.8
1419 . IN ANY +E
95.211.209.182
1520 . IN ANY +E
80.192.224.22
1430 . IN ANY +E
24.244.248.8
1414 . IN ANY +E
79.71.69.165
1090 . IN ANY +E
24.244.248.57
1364 . IN ANY +E
82.132.226.216
1079 . IN ANY +E
69.162.97.99
1601 . IN ANY +E
-----
Alain Hebert ahebert at pubnix.net
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443
More information about the NANOG
mailing list