[nsp-sec] DNS Flood to Ultra
Fouant, Stefan
Stefan.Fouant at neustar.biz
Tue Mar 31 10:24:20 EDT 2009
Folks,
Our Ultra sites have been coming under a UDP DNS flood for several hours
sustaining several hundred Mbps from what appears to be a large botnet,
generating queries for silverdollar.com and gocasino.com. Looks like a
dictionary attack. We're currently filtering it right and able to
sustain business operations as usual, but the attack continues.
Wondering if any of you can take a look at any of the botnets and find
out who might be behind this.
The ranges under attack are:
204.74.108.1/32
204.74.109.1/32
199.7.68.1/32
199.7.69.1/32
204.74.114.1/32
204.74.115.1/32
Thanks for any information any of you can provide,
Stefan Fouant: NeuStar, Inc.
Principal Network Engineer
46000 Center Oak Plaza Sterling, VA 20166
[ T ] +1 571 434 5656 [ M ] +1 202 210 2075
[ E ] stefan.fouant at neustar.biz [ W ] www.neustar.biz
More information about the nsp-security
mailing list