[nsp-sec] DDoS to 212.97.109.168
Kurt Jaeger
pi at nepustil.net
Wed Sep 7 16:45:08 EDT 2011
Hi!
> > The attack of yesterday made a comeback.
> I have one DSL customer doing constant DNS lookups of icann.org
>
> 16:28:52.337583 IP 67.43.130.51.53 > 212.97.109.168.53: 1875| 22/0/0 A
> 192.0.43.7, NS ns.icann.org., NS c.iana-servers.net., NS
> a.iana-servers.net., NS d.iana-servers.net., NS b.iana-servers.net.,
> SOA, MX pechora7.icann.org. 10, MX pechora8.icann.org. 10, MX
> pechora1.icann.org. 10, MX pechora2.icann.org. 10, MX
> pechora3.icann.org. 10, MX pechora4.icann.org. 10, MX
> pechora5.icann.org. 10, MX pechora6.icann.org. 10, AAAA
> 2001:500:88:200::7, DS, DS, RRSIG, RRSIG, DNSKEY, DNSKEY (1132)
>
>
> What time did the attack start? I can look at the flow logs for this
> customer prior to see if I can find any hint of where the c&c is.
Approx. 22:30 CEST today. The attack this morning started at 0:00 CEST
and lasted approx. 2-3 hours (not sure about the duration).
--
MfG/Best regards, Kurt Jaeger 9 years to go !
Dr.-Ing. Nepustil & Co. GmbH fon +49 7123 93006-0 pi at nepustil.net
Rathausstr. 3 fax +49 7123 93006-99
72658 Bempflingen mob +49 171 3101372