[nsp-sec] DDoS Attack in progress
Daniel Goscomb
dang at goscomb.net
Fri Dec 23 15:25:15 EST 2011
Hi All
We have an attack in progress against one of our downstream customers which they have asked us to filter. We're currently filtering 2.2Gbps of UDP destined to 178.251.233.35 (ports 0 and 53). The source and destination ports are always the same (i.e. 0 and 0 or 53 and 53).
There is no DNS server on this box; its not legitimate traffic. Sources appear to be spoofed (3-5 hosts in a row from each /24 that seems to be in use).
If you could please check for any flows towards 178.251.233.35 it would be appreciated.
Cheers
Dan
More information about the nsp-security
mailing list