[nsp-sec] ACK: Re: DNS Flood to Ultra
Taka Mizuguchi
taka at nttv6.jp
Tue Mar 31 12:58:14 EDT 2009
Ack for below japanese ASN.
2510 | 218.226.11.179 | INFOWEB FUJITSU LIMITED
2516 | 222.0.245.143 | KDDI KDDI CORPORATION
4713 | 114.151.177.221 | OCN NTT Communications Corporation
4713 | 114.168.151.63 | OCN NTT Communications Corporation
4713 | 122.19.12.17 | OCN NTT Communications Corporation
4713 | 123.219.11.62 | OCN NTT Communications Corporation
4713 | 58.90.71.36 | OCN NTT Communications Corporation
4713 | 60.36.81.28 | OCN NTT Communications Corporation
4725 | 210.197.200.129 | ODN SOFTBANK TELECOM Corp.
4725 | 211.3.219.83 | ODN SOFTBANK TELECOM Corp.
On Tue, 31 Mar 2009 10:24:20 -0400
"Fouant, Stefan" <Stefan.Fouant at neustar.biz> wrote:
> ----------- nsp-security Confidential --------
>
> Folks,
>
> Our Ultra sites have been coming under a UDP DNS flood for several hours
> sustaining several hundred Mbps from what appears to be a large botnet,
> generating queries for silverdollar.com and gocasino.com. Looks like a
> dictionary attack. We're currently filtering it right and able to
> sustain business operations as usual, but the attack continues.
> Wondering if any of you can take a look at any of the botnets and find
> out who might be behind this.
>
> The ranges under attack are:
>
> 204.74.108.1/32
> 204.74.109.1/32
> 199.7.68.1/32
> 199.7.69.1/32
> 204.74.114.1/32
> 204.74.115.1/32
>
> Thanks for any information any of you can provide,
>
> Stefan Fouant: NeuStar, Inc.
> Principal Network Engineer
> 46000 Center Oak Plaza Sterling, VA 20166
> [ T ] +1 571 434 5656 [ M ] +1 202 210 2075
> [ E ] stefan.fouant at neustar.biz [ W ] www.neustar.biz
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
--
Taka Mizuguchi <taka at nttv6.jp>
More information about the nsp-security
mailing list