[nsp-sec] Backtracking .... Re: DNS Reflection DDoS
King, Link
Link.King at neustar.com
Thu Mar 3 08:21:30 EST 2011
>Hi Brett and Nathan,
>
>Are you running Netflow in your network so we can back trace the exits
>for these flows? These are all headed downstream to Neustar.

Only one active at the moment:

13:20:30.447908 IP (tos 0x0, ttl 240, id 6662, offset 0, flags [none],
proto: UDP (17), length: 64) 78.159.108.25.25345 > 156.154.71.22.domain:
[no cksum] 10809+ [1au] ANY? isc.org. ar: . OPT UDPsize=4096 (36)

Unfortunately, these seem to change so you might want to IM me (AIM:
kinger0003) and I can do some live data gathering.

--
Link King
link.king at neustar.com