[nsp-sec] DDoS to EveryDNS nameserver IPs

Chris Morrow morrowc at ops-netman.net
Wed Feb 4 14:59:34 EST 2009



On Wed, 4 Feb 2009, David Ulevitch wrote:

> ----------- nsp-security Confidential --------
>
> I'm currently receiving a large DDoS to all my EveryDNS nameserver IPs:
>
> ns1.everydns.net has address 208.76.56.56
> ns2.everydns.net has address 78.129.207.168
> ns3.everydns.net has address 71.6.202.220
> ns4.everydns.net has address 208.96.6.134
>
> The DDoS appears to all be UDP packets of length 1000 bytes.
>
> Here's what I mean:
>
> 01:39:20.107917 IP 115.186.96.138.58798 > 208.76.56.56.2194: UDP, length 1000
> 01:39:20.107959 IP 82.212.143.159.2270 > 208.76.56.56.4000: UDP, length 1000
> 01:39:20.107969 IP 187.10.195.160.60001 > 208.76.56.56.2105: UDP, length 1000
> 01:39:20.107986 IP 189.119.47.137.25664 > 208.76.56.56.908: UDP, length 1000
> 01:39:20.107991 IP 213.189.175.47.3732 > 208.76.56.56.3804: UDP, length 1000
> 01:39:20.108012 IP 202.41.85.244.22349 > 208.76.56.56.3119: UDP, length 1000
> 01:39:20.108089 IP 89.174.93.234.4675 > 208.76.56.56.3589: UDP, length 1000

upstream filter anything not udp/53 || tcp/53 destination ports??
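
The filter suggested in the reply, applied offline to capture lines in the format quoted above, to see what it would pass and drop (an added example, not part of the original thread). It assumes numeric tcpdump output; the `drop_reply` verdict and the sample lines marked constructed are illustrative assumptions.

```python
import re
from collections import Counter

# Nameserver addresses listed in the original post.
NAMESERVERS = {"208.76.56.56", "78.129.207.168", "71.6.202.220", "208.96.6.134"}

# Assumes numeric tcpdump output: "<time> IP <src>.<sport> > <dst>.<dport>: ..."
LINE_RE = re.compile(
    r"^\S+ IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): "
)

def classify(line):
    """Verdict for one capture line under a 'destination port 53 only' filter."""
    m = LINE_RE.match(line.strip())
    if not m:
        return "unparsed"
    sport, dst, dport = int(m.group(2)), m.group(3), int(m.group(4))
    if dst not in NAMESERVERS:
        return "ignore"        # not traffic the filter is protecting
    if dport == 53:
        return "pass"          # DNS query to the nameserver (UDP or TCP)
    if sport == 53:
        return "drop_reply"    # dropped, but looks like a reply to the
                               # nameserver's own outbound query (assumption)
    return "drop"              # traffic to a non-DNS port, as in the capture

def summarize(lines):
    """Count verdicts over an iterable of capture lines."""
    return Counter(classify(l) for l in lines if l.strip())

# First three lines are from the capture in the post; the rest are constructed.
SAMPLE = """\
01:39:20.107917 IP 115.186.96.138.58798 > 208.76.56.56.2194: UDP, length 1000
01:39:20.107959 IP 82.212.143.159.2270 > 208.76.56.56.4000: UDP, length 1000
01:39:20.107986 IP 189.119.47.137.25664 > 208.76.56.56.908: UDP, length 1000
01:39:20.108100 IP 192.0.2.10.40312 > 208.76.56.56.53: 4242+ A? example.com. (29)
01:39:20.108150 IP 192.0.2.11.51000 > 208.76.56.56.53: Flags [S], seq 1, win 65535, length 0
01:39:20.108180 IP 198.51.100.9.53 > 208.76.56.56.33211: 911 1/0/0 A 192.0.2.1 (45)
01:39:20.108200 IP 192.0.2.12.1234 > 198.51.100.7.80: Flags [S], seq 1, win 65535, length 0
""".splitlines()

if __name__ == "__main__":
    for verdict, count in sorted(summarize(SAMPLE).items()):
        print(f"{verdict:10} {count}")
```

A stateless destination-port filter also drops replies to any query the nameservers send themselves, which is what the `drop_reply` count surfaces before the filter is requested upstream.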


