[nsp-sec] DDoS to Internap DNS Servers
Chip Gwyn
cgwyn at internap.com
Thu Apr 26 14:48:34 EDT 2012
Hello all,
We are currently seeing a multi-gig attack towards the following IPs:
ns-a.pnap.net has address 64.94.123.4
ns-b.pnap.net has address 64.94.123.36
ns-c.pnap.net has address 64.95.61.4
ns-d.pnap.net has address 64.95.61.36
and/or
dns3.sef.pnap.net has address 64.94.123.5
dns4.sef.pnap.net has address 64.94.123.38
dns3.acs.pnap.net has address 64.95.61.5
dns4.acs.pnap.net has address 64.95.61.38
We're seeing mostly udp port 53, but in large volumes. We're also noticing
source port 33333 for a good number of sources. If some folks could poke
around, it would be much appreciated.
Packet contents seem to indicate queries for AAAAAAAAA, so they are bogus.
Thanks all!
--
--chip
Chip Gwyn | IP Network Architecture
---------------------------------------------------------------
Phone 404.302.9976
cgwyn at internap.com * www.internap.com
INTERNAP
connectivity | colocation | managed hosting | cloud
One Ravinia Drive . Suite 1300 . Atlanta . GA . 30346
More information about the nsp-security
mailing list