[nsp-sec] DNS DDoS - "." query reply flood
Jose Nazario
jose at arbor.net
Mon Jun 1 11:25:13 EDT 2009
picked up an amplified/reflected DNS "." query flood aimed at
81.176.232.101
AS | IP | AS Name
8342 | 81.176.232.101 | RTCOMM-AS RTComm.RU Autonomous System
may be worth looking for flows that purport to be from that host as a
means to track down the tools in use here. would be nice to ID the tools,
the botnet(s) and axe them as they can cause pain to other networks.
--
-------------------------------------------------------------
jose nazario, ph.d. <jose at arbor.net>
manager of security research arbor networks
v: (734) 821 1427 http://asert.arbor.net/
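
The flow search suggested in the post, sketched as an added example that is not part of the original message: it picks out UDP/53 flows that claim the target as their source and totals them per ingress point, which is where spoofed queries enter a network. The CSV column names, exporter and interface names, and all sample rows are constructed assumptions, not any collector's real schema or data.

```python
import csv
import io
from collections import defaultdict

VICTIM = "81.176.232.101"  # target address named in the post

# Constructed sample flow export (not real data). Column names are
# assumptions for this example, not a specific collector's schema.
SAMPLE_FLOWS = """exporter,in_if,src,dst,proto,dport,packets,bytes
edge1,ge-0/0/1,81.176.232.101,192.0.2.53,17,53,1200,54000
edge1,ge-0/0/1,81.176.232.101,198.51.100.7,17,53,900,40500
edge2,xe-1/0/0,81.176.232.101,192.0.2.53,17,53,300,13500
edge2,xe-1/0/0,203.0.113.9,192.0.2.53,17,53,10,700
edge3,ge-0/2/0,81.176.232.101,192.0.2.80,6,80,5,400
"""


def spoofed_query_ingress(flow_csv, victim=VICTIM):
    """Total UDP/53 flows claiming `victim` as source, per (exporter, in_if)."""
    totals = defaultdict(lambda: {"packets": 0, "bytes": 0, "resolvers": set()})
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["src"] != victim:
            continue  # only flows purporting to come from the target
        if row["proto"] != "17" or row["dport"] != "53":
            continue  # only DNS queries over UDP
        entry = totals[(row["exporter"], row["in_if"])]
        entry["packets"] += int(row["packets"])
        entry["bytes"] += int(row["bytes"])
        entry["resolvers"].add(row["dst"])
    # Busiest ingress point first: the best place to start tracing back.
    return sorted(totals.items(), key=lambda kv: kv[1]["packets"], reverse=True)


if __name__ == "__main__":
    for (exporter, in_if), t in spoofed_query_ingress(SAMPLE_FLOWS):
        # An IPv4 "." query without EDNS is 45 bytes (20 IP + 8 UDP + 17 DNS),
        # so the average packet size is a quick sanity check on the match.
        avg = t["bytes"] / t["packets"]
        print(f"{exporter} {in_if}: {t['packets']} pkts, "
              f"avg {avg:.0f} B, {len(t['resolvers'])} resolvers queried")
```

An interface that does not face AS 8342 yet carries these flows is receiving spoofed traffic and is the next hop to follow upstream.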