[nsp-sec] UDP DDoS to PDNS1.ULTRADNS.NET and PDNS5.ULTRADNS.INFO
David Freedman
david.freedman at uk.clara.net
Thu Jun 18 13:21:59 EDT 2009
Possible false positive,
80.168.101.132 is one of our many resolvers, AS8426
------------------------------------------------
David Freedman
Group Network Engineering
Claranet Limited
http://www.clara.net
-----Original Message-----
From: nsp-security-bounces at puck.nether.net on behalf of sthaug at nethelp.no
Sent: Thu 6/18/2009 18:13
To: ni at centergate.net
Cc: nsp-security at puck.nether.net
Subject: Re: [nsp-sec] UDP DDoS to PDNS1.ULTRADNS.NET and PDNS5.ULTRADNS.INFO
----------- nsp-security Confidential --------
> > Here is the actual full list:
> >
> > https://asn.cymru.com/nsp-sec/upload/1245339888.whois.txt
> >
> > time range was from 12:56 to 15:18 UTC.
>
> I believe you have some false positives in that list. One of the hosts
> from AS 2116, 193.75.110.78, is one of our main recursive name servers,
> and is definitely expected to send queries to the UltraDNS hosts.
Oh yeah, the same applies to the 194.19.2.10 host from AS 3307.
Steinar Haug, AS 2116
_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security
Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
community. Confidentiality is essential for effective Internet security counter-measures.
_______________________________________________
More information about the nsp-security
mailing list