[nsp-sec] DNS Flood to Ultra

Chisholm, Glenn L Glenn.L.Chisholm at team.telstra.com
Tue Mar 31 20:36:17 EDT 2009


ACK AS 1221

Glenn Chisholm
General Manager, Network Security


-----Original Message-----
From: nsp-security-bounces at puck.nether.net [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Fouant, Stefan
Sent: Wednesday, 1 April 2009 1:24 AM
To: nsp-security at puck.nether.net
Subject: [nsp-sec] DNS Flood to Ultra

----------- nsp-security Confidential --------

Folks,

Our Ultra sites have been coming under a UDP DNS flood for several hours
sustaining several hundred Mbps from what appears to be a large botnet,
generating queries for silverdollar.com and gocasino.com.  Looks like a
dictionary attack.  We're currently filtering it right and able to
sustain business operations as usual, but the attack continues.
Wondering if any of you can take a look at any of the botnets and find
out who might be behind this.

The ranges under attack are:

204.74.108.1/32
204.74.109.1/32
199.7.68.1/32
199.7.69.1/32
204.74.114.1/32
204.74.115.1/32

Thanks for any information any of you can provide,

Stefan Fouant: NeuStar, Inc.
Principal Network Engineer 
46000 Center Oak Plaza Sterling, VA 20166
[ T ] +1 571 434 5656 [ M ] +1 202 210 2075
[ E ] stefan.fouant at neustar.biz [ W ] www.neustar.biz

