[nsp-sec] strange spoofed DNS attack (AS174)

[Nick Hilliard]

On 10/08/2010 11:03, Mike Tancsa wrote:
> They are sending a constant spew of DNS requests for a series of domains
> (~130 of them). A cursory look does not show any obvious pattern of
> ownership or authoritativeness other than the hosts being Chinese.

Looks to me like someone is hijacking 199.212.133.0/23 via some 
not-particularly-widely distributed bgp announcements in china.  There have 
been several of these sorts of incidents recently.

Do a google search for Todd Underwood's NANOG49 talk, "Prefixes as 
Probabilities".

Nick