[nsp-sec] DDOS against spamhaus.org nameservers - ANY attack
Leo Bicknell
bicknell at isc.org
Tue Sep 11 13:54:10 EDT 2012
In a message written on Tue, Sep 11, 2012 at 05:44:32PM +0000, Nick Ianelli wrote:
> We're seeing a big DDOS targetting our main nameservers at the moment.
> Several operators have reported 8-9 gbit/sec per nameserver, which
> puts the total confirmed traffic at 50+ gbit/sec. Targets are:
>
> ns8.spamhaus.org - 82.94.216.239 - Confirmed
> ns3.xs4all.nl - 194.109.9.101 - Confirmed
> fi503-hfj.surfnet.nl - 145.97.20.167 - Confirmed
> ns20.ja.net - 194.82.174.6 - Unconfirmed
> ns3.spamhaus.org - 192.150.94.200 - Confirmed
> fi503-nij.surfnet.nl - 195.169.124.73 - Confirmed
> ns.dns-oarc.net - 149.20.58.65 - Unconfirmed
>
> (Confirmed = Confirmed by network operator)
I can confirm 2Gbps at ns.dns-oarc.net. I can't confirm the type of
packets at this time, but 1.5Gbps of that came in two transit ports,
so that doesn't look like a _distributed_ attack to me. There may
have been distributed and non-distributed components.
--
Leo Bicknell; E-mail: bicknell at isc.org, Phone: +1 650 423 1358
INOC*DBA *3357*592; Internet Systems Consortium, Inc. www.isc.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20120911/e6757ef3/attachment-0001.sig>
More information about the nsp-security
mailing list