[nsp-sec] DNS DDoS uptick
Tom Daly
tom at dyn-inc.com
Tue Apr 7 14:32:47 EDT 2009
> we've been on the end of two DDoS's in the last week. One is port 53
> against our DNS infrastructure, the other against a DNS related
> service, our mail and web forwarding capability. We have not had a
> measurable DDoS for at least the last year.
We can confirm that same in the past months. We've had considerable amounts of ICMP, non-port 53 UDP flooding, and SYN floods. Nothing has been in-DNS-protocol...yet. Our e-mail farms have been under sustained loads for dictionary and joe-job floods.
Rodney - can you confirm if the attack last week was directed at UltraDNS itself, and not a customer domain?
Can anyone from Register.com confirm if this is directed at your infrastructure, or a customer domain? How about AfterNIC? Are these attacks in-DNS-protocol?
> This "feels" like a sea change in the environment.
Agree!
Tom
--
Tom Daly
tom at dyn-inc.com
Dynamic Network Services, Inc.
http://dynamicnetworkservices.com/
More information about the nsp-security
mailing list