[nsp-sec] UDP DDoS to PDNS1.ULTRADNS.NET and PDNS5.ULTRADNS.INFO
Mike Tancsa
mike at sentex.net
Thu Jun 18 14:12:26 EDT 2009
At 01:07 PM 6/18/2009, sthaug at nethelp.no wrote:
>I believe you have some false positives in that list. One of the hosts
>from AS 2116, 193.75.110.78, is one of our main recursive name servers,
>and is definitely expected to send queries to the UltraDNS hosts.

Same here, 205.211.164.51 is one of our main recursive name servers for our network.

Nothing really odd in the application logs other than:

Jun 18 08:37:24 auth2 named[565]: unexpected RCODE (SERVFAIL) resolving 'lnp.com/MX/IN': 204.74.114.1#53
Jun 18 09:17:20 auth2 named[565]: FORMERR resolving 'adns.yieldmanager.com/AAAA/IN': 204.74.114.1#53
Jun 18 13:06:23 auth2 named[565]: FORMERR resolving 'adns.yieldmanager.com/AAAA/IN': 204.74.114.1#53
Jun 18 14:04:15 auth2 named[565]: unexpected RCODE (SERVFAIL) resolving 'lnp.com/MX/IN': 204.74.114.1#53
Jun 18 01:46:43 auth2 named[565]: unexpected RCODE (SERVFAIL) resolving '7.192.196.209.in-addr.arpa/PTR/IN': 204.74.108.1#53
Jun 18 01:46:43 auth2 named[565]: unexpected RCODE (SERVFAIL) resolving '7.192.196.209.in-addr.arpa/PTR/IN': 204.74.108.1#53
Jun 18 05:19:14 auth2 named[565]: unexpected RCODE (SERVFAIL) resolving '8.73.17.209.in-addr.arpa/PTR/IN': 204.74.108.1#53
Jun 18 08:37:24 auth2 named[565]: unexpected RCODE (SERVFAIL) resolving 'lnp.com/MX/IN': 204.74.108.1#53
Jun 18 09:17:20 auth2 named[565]: FORMERR resolving 'adns.yieldmanager.com/AAAA/IN': 204.74.108.1#53
Jun 18 09:48:38 auth2 named[565]: unexpected RCODE (SERVFAIL) resolving '14.65.17.209.in-addr.arpa/PTR/IN': 204.74.108.1#53
Jun 18 09:48:38 auth2 named[565]: unexpected RCODE (SERVFAIL) resolving '8.69.17.209.in-addr.arpa/PTR/IN': 204.74.108.1#53
Jun 18 09:48:38 auth2 named[565]: unexpected RCODE (SERVFAIL) resolving '28.65.17.209.in-addr.arpa/PTR/IN': 204.74.108.1#53
Jun 18 09:54:40 auth2 named[565]: unexpected RCODE (SERVFAIL) resolving '34.65.17.209.in-addr.arpa/PTR/IN': 204.74.108.1#53
Jun 18 09:56:41 auth2 named[565]: unexpected RCODE (SERVFAIL) resolving '28.65.17.209.in-addr.arpa/PTR/IN': 204.74.108.1#53
Jun 18 09:57:16 auth2 named[565]: unexpected RCODE (SERVFAIL) resolving '22.69.17.209.in-addr.arpa/PTR/IN': 204.74.108.1#53
Jun 18 09:57:42 auth2 named[565]: unexpected RCODE (SERVFAIL) resolving '28.73.17.209.in-addr.arpa/PTR/IN': 204.74.108.1#53
Jun 18 10:00:36 auth2 named[565]: unexpected RCODE (SERVFAIL) resolving '8.65.17.209.in-addr.arpa/PTR/IN': 204.74.108.1#53
Jun 18 10:09:04 auth2 named[565]: unexpected RCODE (SERVFAIL) resolving '34.65.17.209.in-addr.arpa/PTR/IN': 204.74.108.1#53
Jun 18 10:12:09 auth2 named[565]: unexpected RCODE (SERVFAIL) resolving '14.65.17.209.in-addr.arpa/PTR/IN': 204.74.108.1#53
Jun 18 10:18:58 auth2 named[565]: unexpected RCODE (SERVFAIL) resolving '4.65.17.209.in-addr.arpa/PTR/IN': 204.74.108.1#53
Jun 18 10:18:58 auth2 named[565]: unexpected RCODE (SERVFAIL) resolving '36.68.17.209.in-addr.arpa/PTR/IN': 204.74.108.1#53
Jun 18 10:18:58 auth2 named[565]: unexpected RCODE (SERVFAIL) resolving '42.68.17.209.in-addr.arpa/PTR/IN': 204.74.108.1#53
Jun 18 10:19:37 auth2 named[565]: unexpected RCODE (SERVFAIL) resolving '41.68.17.209.in-addr.arpa/PTR/IN': 204.74.108.1#53
Jun 18 10:19:37 auth2 named[565]: unexpected RCODE (SERVFAIL) resolving '67.68.17.209.in-addr.arpa/PTR/IN': 204.74.108.1#53
Jun 18 10:19:37 auth2 named[565]: unexpected RCODE (SERVFAIL) resolving '68.68.17.209.in-addr.arpa/PTR/IN': 204.74.108.1#53
Jun 18 10:19:37 auth2 named[565]: unexpected RCODE (SERVFAIL) resolving '33.68.17.209.in-addr.arpa/PTR/IN': 204.74.108.1#53
Jun 18 10:19:38 auth2 named[565]: unexpected RCODE (SERVFAIL) resolving '32.65.17.209.in-addr.arpa/PTR/IN': 204.74.108.1#53
Jun 18 10:19:38 auth2 named[565]: unexpected RCODE (SERVFAIL) resolving '38.64.17.209.in-addr.arpa/PTR/IN': 204.74.108.1#53
Jun 18 10:20:22 auth2 named[565]: unexpected RCODE (SERVFAIL) resolving '26.69.17.209.in-addr.arpa/PTR/IN': 204.74.108.1#53
Jun 18 10:20:22 auth2 named[565]: unexpected RCODE (SERVFAIL) resolving '12.65.17.209.in-addr.arpa/PTR/IN': 204.74.108.1#53
Jun 18 10:20:22 auth2 named[565]: unexpected RCODE (SERVFAIL) resolving '24.69.17.209.in-addr.arpa/PTR/IN': 204.74.108.1#53
Jun 18 10:20:23 auth2 named[565]: unexpected RCODE (SERVFAIL) resolving '36.65.17.209.in-addr.arpa/PTR/IN': 204.74.108.1#53
Jun 18 10:20:23 auth2 named[565]: unexpected RCODE (SERVFAIL) resolving '39.64.17.209.in-addr.arpa/PTR/IN': 204.74.108.1#53
Jun 18 12:01:15 auth2 named[565]: unexpected RCODE (SERVFAIL) resolving '36.65.17.209.in-addr.arpa/PTR/IN': 204.74.108.1#53
Jun 18 13:06:07 auth2 named[565]: unexpected RCODE (SERVFAIL) resolving '26.74.17.209.IN-ADDR.ARPA/PTR/IN': 204.74.108.1#53
Jun 18 13:06:23 auth2 named[565]: FORMERR resolving 'adns.yieldmanager.com/AAAA/IN': 204.74.108.1#53
Jun 18 14:04:15 auth2 named[565]: unexpected RCODE (SERVFAIL) resolving 'lnp.com/MX/IN': 204.74.108.1#53

---Mike
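
A triage aid for resolver logs of the kind quoted in this message, added here as an example and not part of the original post: it rejoins named entries that mail wrapping has split across lines and tallies resolution failures per upstream server, error and query type, which makes it quick to see whether a recursive server's traffic toward an authoritative host looks like ordinary lookups. The sample lines are constructed (documentation addresses from 192.0.2.0/24 and example.* names), and the regular expression assumes only the two message shapes that appear in the logs above.

```python
import re
from collections import Counter

# Constructed sample in the shape of the named messages quoted in the post
# (RFC 5737 / RFC 2606 placeholders, not data from the thread).
SAMPLE = """\
Jun 18 08:37:24 ns1 named[565]: unexpected RCODE (SERVFAIL)
resolving 'example.com/MX/IN': 192.0.2.1#53
Jun 18 09:17:20 ns1 named[565]: FORMERR resolving
'www.example.net/AAAA/IN': 192.0.2.1#53
Jun 18 09:48:38 ns1 named[565]: unexpected RCODE (SERVFAIL) resolving '14.2.0.192.in-addr.arpa/PTR/IN': 192.0.2.53#53
Jun 18 09:48:39 ns1 named[565]: unexpected RCODE (SERVFAIL)
resolving '15.2.0.192.IN-ADDR.ARPA/PTR/IN': 192.0.2.53#53
Jun 18 09:50:00 ns1 named[565]: zone example.org/IN: loaded serial 2009061801
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
ENTRY = re.compile(
    r"named\[\d+\]: (?:unexpected RCODE \((?P<rcode>\w+)\)|(?P<err>[A-Z]+)) "
    r"resolving '(?P<name>[^/']+)/(?P<qtype>\w+)/(?P<qclass>\w+)': "
    r"(?P<server>[0-9A-Fa-f.:]+)#(?P<port>\d+)$"
)

def unwrap(text):
    """Join continuation lines (no leading syslog timestamp) onto the entry before."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if STAMP.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def summarize(text):
    """Count failures per (upstream server, error, query type); return (Counter, unparsed)."""
    counts, skipped = Counter(), []
    for entry in unwrap(text):
        m = ENTRY.search(entry)
        if not m:
            skipped.append(entry)  # not a resolution failure, keep for manual review
            continue
        counts[(m["server"], m["rcode"] or m["err"], m["qtype"].upper())] += 1
    return counts, skipped

if __name__ == "__main__":
    counts, skipped = summarize(SAMPLE)
    for (server, error, qtype), n in counts.most_common():
        print(f"{n:4d}  {server:<15} {error:<9} {qtype}")
    print(f"{len(skipped)} line(s) not matched")
```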