[nsp-sec] UDP DDoS to PDNS1.ULTRADNS.NET and PDNS5.ULTRADNS.INFO
Krista Hickey
Krista.Hickey at cogeco.com
Thu Jun 18 13:35:31 EDT 2009
> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net [mailto:nsp-security-
> bounces at puck.nether.net] On Behalf Of sthaug at nethelp.no
> Sent: Thursday, June 18, 2009 1:13 PM
> To: ni at centergate.net
> Cc: nsp-security at puck.nether.net
> Subject: Re: [nsp-sec] UDP DDoS to PDNS1.ULTRADNS.NET and
> PDNS5.ULTRADNS.INFO
>
> ----------- nsp-security Confidential --------
>
> > > Here is the actual full list:
> > >
> > > https://asn.cymru.com/nsp-sec/upload/1245339888.whois.txt
> > >
> > > time range was from 12:56 to 15:18 UTC.
> >
> > I believe you have some false positives in that list. One of the
hosts
> > from AS 2116, 193.75.110.78, is one of our main recursive name
servers,
> > and is definitely expected to send queries to the UltraDNS hosts.
>
> Oh yeah, the same applies to the 194.19.2.10 host from AS 3307.
>
> Steinar Haug, AS 2116
>
Me too, the following are DNS servers our customer's use,
7992 | 24.226.1.93 | COGECOWAVE - Cogeco Cable
7992 | 24.226.10.194 | COGECOWAVE - Cogeco Cable
The other two listings are for commercial customers that run their own
DNS servers and we haven't had issues with before so....
Krista
7992
More information about the nsp-security
mailing list