[nsp-sec] Backtracking .... Re: DNS Reflection DDoS
King, Link
Link.King at neustar.com
Thu Mar 3 08:28:27 EST 2011
>Only one active at the moment:
>
>13:20:30.447908 IP (tos 0x0, ttl 240, id 6662, offset 0, flags [none],
>proto: UDP (17), length: 64) 78.159.108.25.25345 > 156.154.71.22.domain:
>[no cksum] 10809+ [1au] ANY? isc.org. ar: . OPT UDPsize=4096 (36)
>
>Unfortunately, these seem to change so you might want to IM me (AIM:
>kinger0003) and I can do some live data gathering.
FWIW, we are also seeing the same stuff coming across Global Crossing
(different DST on our side):
13:25:41.849475 IP (tos 0x0, ttl 238, id 62222, offset 0, flags [none],
proto: UDP (17), length: 64) 78.159.108.25.25345 > 156.154.70.22.domain:
[no cksum] 10809+ [1au] ANY? isc.org. ar: . OPT UDPsize=4096 (36)
--
Link King
link.king at neustar.com
More information about the nsp-security
mailing list