[nsp-sec] NACK AS25: UDP DDoS to PDNS1.ULTRADNS.NET and PDNS5.ULTRADNS.INFO

Michael Sinatra michael at rancid.berkeley.edu
Tue Jun 23 14:51:54 EDT 2009


The hosts in question from AS25 (like others) were legitimate recursive
nameservers and one SMTP server.  I'll keep looking, but I do not
currently see anything other than legitimate DNS traffic.

michael

On 06/18/09 09:45, Nicholas Ianelli wrote:
> ----------- nsp-security Confidential --------
> 
> Here is the actual full list:
> 
> https://asn.cymru.com/nsp-sec/upload/1245339888.whois.txt
> 
> time range was from 12:56 to 15:18 UTC.
> 
> Nick
> 
> Nicholas Ianelli wrote:
>> ----------- nsp-security Confidential --------
> 
> 
>> Name:    PDNS5.ULTRADNS.INFO
>> Address:  204.74.114.1
> 
>> Name:    PDNS1.ULTRADNS.NET
>> Address:  204.74.108.1
> 
>> UDP traffic destined to ports 0-5119, majority of packets were of a size
>> 1.15kbytes/packet
> 
>> This appears to be spoofed, still interested in what anyone can find.
>> I've included a list of hosts seen participating in this attack. The
>> data is valid from 1420 GMT to 1450 GMT on 2009.06.18
> 
>> Cheers,
>> nick
> 
> 
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________
> 
> 
> 
