[nsp-sec] Perfect DNS DDoS against EasyDNS - help wanted...

Rodney Joffe rjoffe at centergate.com
Fri Nov 11 14:21:53 EST 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

First, sorry for duplicate posting if you see this twice.

Second, it looks like EasyDNS is undergoing what I wrote that paper about in 2004 - a tough DDoS.

Not because of the volume, but because of the profile.

EasyDNS is seeing queries from valid current recursive servers for domains they are *not* authoritative for. However, we looked at our recursive servers and we are not seeing any queries from us, but we are seeing responses from EasyDNS.

Easy is currently mitigating via Prolexic - this is the third in 24 hours. However, they're interested in getting help from us (you).

The queries are being made to 72.52.2.1, and are in the form LLLgames.com where LLL is a random 3 letters.

Could you please look at your flows for traffic headed towards that IP address?

The attack is under way now.

Thanks
Rodney

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org

iEYEARECAAYFAk69ddcACgkQRrelm2onc7AoZgCeI9T7yL9NPp2gt4NWvoGuwpTP
w68AnA2Vdcz097b+sKlsh7MUh+C+gVgL
=9j8c
-----END PGP SIGNATURE-----
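
A resolver operator could check their own DNS logs for the profile this message describes: responses arriving from 72.52.2.1 for LLLgames.com names that match no query the resolver itself sent. This is an added example, not part of the original post; the log format, field order and function name are assumptions, and the sample lines are constructed.

```python
import re
from collections import Counter

TARGET = "72.52.2.1"                              # address named in the message
QNAME_RE = re.compile(r"[a-z]{3}games\.com")      # LLLgames.com, LLL = 3 letters

# Constructed sample log. Assumed format (not from the post), in time order:
# <epoch> <Q|R> <src_ip> <dst_ip> <txid> <qname>
SAMPLE_LOG = """\
1321039301 Q 192.0.2.53 198.51.100.7 0x1a2b example.org
1321039301 R 198.51.100.7 192.0.2.53 0x1a2b example.org
1321039302 R 72.52.2.1 192.0.2.53 0x77aa qzxgames.com
1321039302 R 72.52.2.1 192.0.2.53 0x77ab bdkgames.com
1321039303 Q 192.0.2.53 72.52.2.1 0x4c01 abcgames.com
1321039303 R 72.52.2.1 192.0.2.53 0x4c01 abcgames.com
1321039304 R 72.52.2.1 192.0.2.54 0x9001 WWWgames.com.
1321039305 R 72.52.2.1 192.0.2.54 0x9002 mail.games.com
garbage line
"""

def unsolicited_responses(log_text, target=TARGET):
    """Count, per local resolver IP, responses from `target` for LLLgames.com
    names that do not pair with a query that resolver logged sending."""
    sent = set()              # (resolver_ip, txid, qname) of queries sent to target
    unsolicited = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue          # skip malformed lines
        _, kind, src, dst, txid, qname = fields
        qname = qname.rstrip(".").lower()   # normalise case and trailing dot
        if not QNAME_RE.fullmatch(qname):
            continue          # only the name pattern from the message
        if kind == "Q" and dst == target:
            sent.add((src, txid, qname))
        elif kind == "R" and src == target:
            key = (dst, txid, qname)
            if key in sent:
                sent.discard(key)           # answered a query we really sent
            else:
                unsolicited[dst] += 1       # response with no matching query
    return unsolicited

if __name__ == "__main__":
    for resolver, count in unsolicited_responses(SAMPLE_LOG).items():
        print(f"{resolver}: {count} unsolicited responses from {TARGET}")
```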



