On Wed, 28 Jan 2009, jay () miscreant org wrote:
Quoting John Martinez <jmartinez () zero11 com>:
Are we still seeing DNS DDoS attack?
Yep. I'm seeing ~2 queries/sec targetting 126.96.36.199.
Also seeing requests from 188.8.131.52 every 1 minute 2 seconds.
I run a small personal nameserver and even I am seeing requests for that
address 184.108.40.206 at ~1/sec.
How many people have upgraded to the latest version of Bind 9? Reason
I ask is that when I do my nightly port scan of my server, I no longer see
named listening to udp on a random high order port (for replies I believe?).
Almost the next day, I started hearing about/seeing these DNS attacks.