[nsp-sec] Recent space of DNS reflection / amplification attacks - 80.172.228.0/24
David Freedman
david.freedman at uk.clara.net
Sun Jul 15 17:08:44 EDT 2012
One of our customers has been the victim of a recent spate of
some very heavy DNS Reflection / Amplification attacks.
Seems to mostly be a large enough payload to encourage
return fragmentation on a number of occasions (so possibly
EDNS0).
Despite having a small subnet, the surrounding IP space
has been targeted quite ferociously.
Just a note to say, if you see an influx of requests
purporting to originate from 80.172.228.0/24
, it is probably due to this, and I would be happy
if you could terminate this collection
with extreme prejudice.
Regards,
David Freedman
Claranet
More information about the nsp-security
mailing list