[nsp-sec] More UDP 'attention'
King, Link
Link.King at neustar.com
Tue Apr 26 06:59:32 EDT 2011
We're receiving another UDP/53 attack with a new target this time:
Target: 204.69.234.1 & 204.74.101.1
DST Proto/Port: UDP/53
Length: 55 bytes
Source ports: Various
Source IP's: Spoofed/tons
We're seeing around 1.5 Mpps hitting our two west coast data centers
almost exclusively and the sources are obviously spoofed (unfortunately).
The packet itself is malformed but interestingly includes a domain:
boxun.com. Presumably the target.
I realize without sources it's difficult but if any backbone folks could
take a look at flows to the above two destinations and notice anything
that would help track back source networks and such that might be helpful.
Thanks!
--
Link King
link.king at neustar.com
More information about the nsp-security
mailing list