[nsp-sec] ack'd 2914 Re: DNS Flood to Ultra [NTT-M6906312S] Ultra DNS DoS
Tino Steward
tsteward at us.ntt.net
Tue Mar 31 10:53:03 EDT 2009
ack'd 2914 looking.
tino
On Tue, Mar 31, 2009 at 10:24:20AM -0400, Fouant, Stefan wrote:
> ----------- nsp-security Confidential --------
>
> Folks,
>
> Our Ultra sites have been coming under a UDP DNS flood for several hours
> sustaining several hundred Mbps from what appears to be a large botnet,
> generating queries for silverdollar.com and gocasino.com. Looks like a
> dictionary attack. We're currently filtering it right and able to
> sustain business operations as usual, but the attack continues.
> Wondering if any of you can take a look at any of the botnets and find
> out who might be behind this.
>
> The ranges under attack are:
>
> 204.74.108.1/32
> 204.74.109.1/32
> 199.7.68.1/32
> 199.7.69.1/32
> 204.74.114.1/32
> 204.74.115.1/32
>
> Thanks for any information any of you can provide,
>
> Stefan Fouant: NeuStar, Inc.
> Principal Network Engineer
> 46000 Center Oak Plaza Sterling, VA 20166
> [ T ] +1 571 434 5656 [ M ] +1 202 210 2075
> [ E ] stefan.fouant at neustar.biz [ W ] www.neustar.biz
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
--
Tino T. Steward SNA1 - Security & Abuse tsteward at us.ntt.net
NTT Communications Global IP Network Operations Center
214-853-7344 (Ph.) 214.800.7771 (Fax)
AUP online: http://www.nttamerica.com/legal/internet/acceptable_policy.html
AUP online: http://www.ntt.net/library/pdf/AUP.pdf
Check http://www.cert.org for some of the latest documented exploits and your OS manufacturer for the latest security patches.
Intruder detection: http://www.cert.org/tech_tips/intruder_detection_checklist.html
Latest viruses: http://www.cert.org
Recovering from a compromised host: http://www.cert.org/tech_tips/win-UNIX-system_compromise.html