[nsp-sec] DDoS to EveryDNS nameserver IPs
Tom Daly
tom at dyn-inc.com
Sun Feb 8 10:22:47 EST 2009
Morning,
We saw the same vector target ns4.mydyndns.org this morning. 1000-byte packets to random UDP destination ports.
Here's the top source IPs from a snapshot:
322 210.207.41.130
320 115.139.129.23
297 125.185.134.21
291 92.60.60.17
287 124.54.113.180
279 119.203.41.90
273 125.184.10.163
260 124.56.29.143
259 122.153.56.194
242 222.108.152.160
232 222.74.59.8
226 115.139.78.76
220 124.50.109.231
218 125.176.249.79
216 211.193.200.232
214 124.54.15.36
150 117.24.225.37
148 58.73.216.8
143 60.179.43.150
142 211.53.188.3
127 125.184.147.90
106 91.148.149.33
They 1000-byte payload appears to be randomly generated. Magnitude of the attack was about 110 meg/sec.
If anyone is interested in the pcap or a complete source list, please let me know.
Thanks,
Tom
--
Tom Daly
tom at dyn-inc.com
Dynamic Network Services, Inc.
http://dynamicnetworkservices.com/
More information about the nsp-security
mailing list