[nsp-sec] root query DNS ddos - affecting russian ISP ...
Jose Nazario
jose at arbor.net
Fri Jun 19 15:18:00 EDT 2009
via ISC SIE passive DNS analysis found that this subnet is getting
pounded with root "." queries:
193.169.4.0/24 | SVS-TELECOM-AS SVS-Telecom Ltd. | RU
now's another chance for folks to look for UDP DNS flows with that
source address range and track down the offending hosts and the
associated malcode. the sooner we find this botnet the better all of
us will be.
hope all's well.
Jose Nazario
jose at arbor.net
More information about the nsp-security
mailing list