nanog mailing list archives

Re: DNS deluge for x.p.ctrc.cc
From: Gadi Evron <ge () linuxbox org>
Date: Fri, 24 Feb 2006 20:19:18 +0200


Estes, Paul wrote:
> Actually, what we are seeing does not appear to be an amplification
> attack. It appears to be a request flood from infected machines.
>
> We have anti-spoofing filters on our upstream connections as well as our
> subscribers' access lines. The source addresses are not spoofed. They
> are valid subscriber source IPs.
>
> Based on some cached entries I have found in other nameservers, CTRC.CC
> was apparently hacked and was delegating a number of subdomains to
> another nameserver that was issuing the 4K TXT record. The delegation
> has now been removed, and the nameserver they were delegated to appears
> to be offline.

Do they all happen to be connecting to one outside IP address? :)

