[nsp-sec] Speaking of DNS DDoS ... 67.21.67.126 getting love.

Scott A. McIntyre scott at xs4all.net
Fri Apr 10 00:18:12 EDT 2009


Hi,

On Apr 10, 2009, at 00:44 , Stephen Gill wrote:

> I think we might have a new record.
>
> At a cursory glance it looks like over 1 MILLION open recursive servers were
> used for this attack.
>
> Now to noodle on some ideas to deal with this mess :(


Neat.  High Score player one!

I checked for the software version on most of my customer connections  
which were taking place and overwhelmingly I saw "Viking DNS module" -  
this is what came back as the version query by a factor of 10 more  
than anything else.  After that our own internal version numbers  
(implying the customers had some sort of an open DNS proxy).  I'll try  
to get in touch with some of the customers and find out what the  
Viking stuff is; that's new to our network. Previous DNS recursion  
tests didn't show that as a popular entry (or an entry at all, as far  
as I recall).

Scott A. McIntyre
XS4ALL
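
Added example, not part of the original message: one way to tally resolver software versions across your own customer address space, assuming the "version query" is the conventional `version.bind` CHAOS-class TXT lookup. The function names and the `example-resolver 1.0` string are constructed; only "Viking DNS module" comes from the message above.

```python
import struct
from collections import Counter

TXT, CH = 16, 3  # record type TXT, class CHAOS

def build_version_query(txid):
    """DNS query for version.bind CH TXT (RD bit clear)."""
    header = struct.pack("!6H", txid, 0x0000, 1, 0, 0, 0)
    qname = b"\x07version\x04bind\x00"
    return header + qname + struct.pack("!2H", TXT, CH)

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:   # compression pointer ends the name
            return off + 2
        off += 1 + n

def parse_version(msg):
    """Return the first TXT string of the first answer, or None."""
    try:
        _, flags, qd, an, _, _ = struct.unpack("!6H", msg[:12])
        if not flags & 0x8000 or flags & 0x000F or an == 0:
            return None        # not a response, error rcode, or no answer
        off = 12
        for _ in range(qd):    # skip each question: name + type + class
            off = _skip_name(msg, off) + 4
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype != TXT or rdlen < 1:
            return None
        text = msg[off + 11:off + 11 + msg[off + 10]]
        return text.decode("ascii", "replace")
    except (IndexError, struct.error):
        return None            # truncated or malformed packet

def make_response(txid, text):
    """Constructed sample response, standing in for a captured reply."""
    question = build_version_query(txid)[12:]
    header = struct.pack("!6H", txid, 0x8400, 1, 1, 0, 0)
    rdata = bytes([len(text)]) + text
    answer = b"\xc0\x0c" + struct.pack("!HHIH", TXT, CH, 0, len(rdata)) + rdata
    return header + question + answer

# Constructed sample: ten replies with one version string, one with another.
SAMPLE = [b"Viking DNS module"] * 10 + [b"example-resolver 1.0"]
tally = Counter(parse_version(make_response(i, t)) for i, t in enumerate(SAMPLE))
```

`tally.most_common()` then ranks the version strings, which is the kind of view that makes a previously unseen resolver implementation stand out.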



