[nsp-sec] DNS Type 2 (Authoritative NS) query for "." DDoS ongoing-> Attn AS 23393 (ISPrime)
Smith, Donald
Donald.Smith at qwest.com
Tue Jan 20 10:32:35 EST 2009
Strangely enough I saw NONE.
I checked two days of netflow. This looks like it was a very small set of attackers.
The sites involved are known for hosting porn. I suspect this is some type of holy war or one porn owner fighting another?? We do have decent bcp38 so it may have been dropped before any netflow was created?
Donald.Smith at qwest.com<mailto:Donald.Smith at qwest.com>
Please cc the handlers to keep them all in the loop.
________________________________
From: nsp-security-bounces at puck.nether.net [nsp-security-bounces at puck.nether.net] On Behalf Of White, Gerard [Gerard.White at aliant.ca]
Sent: Monday, January 19, 2009 12:41 PM
To: nsp-security at puck.nether.net
Subject: [nsp-sec] DNS Type 2 (Authoritative NS) query for "." DDoS ongoing-> Attn AS 23393 (ISPrime)
----------- nsp-security Confidential --------
Greetings
If you were to examine your flows, you should see quite a bit of UDP/53
response traffic right now
targeting:
AS | IP | AS Name
23393 | 76.9.31.42 | ISPRIME - ISPrime, Inc.
Anyone for traceback?
GW
855 - Bell Aliant
_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security
Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
community. Confidentiality is essential for effective Internet security counter-measures.
_______________________________________________
More information about the nsp-security
mailing list