[nsp-sec] UDP DDoS to PDNS1.ULTRADNS.NET and PDNS5.ULTRADNS.INFO
sthaug at nethelp.no
sthaug at nethelp.no
Thu Jun 18 13:07:15 EDT 2009
> Here is the actual full list:
>
> https://asn.cymru.com/nsp-sec/upload/1245339888.whois.txt
>
> time range was from 12:56 to 15:18 UTC.
I believe you have some false positives in that list. One of the hosts
from AS 2116, 193.75.110.78, is one of our main recursive name servers,
and is definitely expected to send queries to the UltraDNS hosts.
For the other host, 193.90.144.98, I have checked our Netflow records.
As far as I can see, this host also was sending perfectly normal DNS
queries to the UltraDNS hosts, UDP port 53, fairly small packets.
Steinar Haug, AS 2116
More information about the nsp-security
mailing list