Re: Recent DNS attacks from China?

[Richard Barnes <richard.barnes () gmail com>]

An attack originating from somewhere indicates the presence of either
an attacker or a compromised host.  A particular density of either in
a particular geographical area would seem like an interesting data
point.

--Richard

On Wed, Nov 30, 2011 at 1:24 PM, andrew.wallace
<andrew.wallace () rocketmail com> wrote:
> Before we see knee-jerk conclusions about who to blame, these attacks could be carried out by anyone.
>
>
> Is country even relevant in the cyberscape?
>
>
> Andrew
>
>
>
> ________________________________
>  From: Leland Vandervort <leland () taranta discpro org>
> To: nanog () nanog org
> Cc: Leland Vandervort <leland () taranta discpro org>
> Sent: Wednesday, November 30, 2011 4:32 PM
> Subject: Recent DNS attacks from China?
>
>
> Hi All,
>
> I am wondering if anyone else is seeing a sudden increase in DNS attacks emanating from chinese IP addresses?  Over 
> the past 24 hours we've seen a sudden rash of chinese IPs attacking our DNS servers in the order of 5 to 10 million 
> PPS for periods of 5 to 10 mins, repeated every 20 to 30 minutes.
>
> This anomalous traffic started roughly 24 hours ago, and while we've had occasions of anomalous chinese traffic, 
> never anything of this type.
>
> Anyone else?
>
>
> Regards,
>
>
> Leland