[nsp-sec] DNS based DDoS Attack
Nicholas Ianelli
ni at centergate.net
Tue Jan 25 08:36:03 EST 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Folks,
We are currently experiencing a manageable DDoS attack at roughly 1
million pps. These are legitimate-looking DNS queries (port 53/UDP) for
the following domain:
zhantai.com
The queries are hitting the following two IP addresses:
204.69.234.1
204.74.101.1
** NOTE: the above are legitimate DNS servers; please do NOT block
queries to them. **
If folks have intel on a C2 instructing bots to DDoS zhantai.com, or see
an abnormally large amount of traffic destined to 204.74.101.1 and
204.69.234.1, I would love to have a chat with you.
We'll be going through the pcaps shortly and I'll provide more details
as I have them.
Thanks!
Nick
- --
Nicholas Ianelli: Neustar, Inc.
Security Operations
46000 Center Oak Plaza Sterling, VA 20166
+1 571.434.4691 - http://www.neustar.biz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
iEYEARECAAYFAk0+0cMACgkQi10dJIBjZIA8ngCeIrvzxYQjTpxkxixlpewHvZTe
u4wAn2Chq8uIJnMeIlr9sc94sbTim+Wh
=WwHO
-----END PGP SIGNATURE-----