[nsp-sec] DNS and SNMP Reflection Attack Hosts
David Freedman
david.freedman at uk.clara.net
Mon Jun 24 13:36:11 EDT 2013
Ack 8426, thanks!
Dave
On 24 Jun 2013, at 06:27, "Krista Hickey" <Krista.Hickey at cogeco.com> wrote:
> ----------- nsp-security Confidential --------
>
> [Apologies if this is a duplicate for you]
>
> File 622894 contains ~45K DNS resolvers observed attacking a host June 19, 2013 (peak approx 1.5Gbps)
>
> File 3952583 contains ~28K SNMP resolvers observed attacking a different host June 21, 2013 (peak approx 1Gbps)
>
> I was also working on an unrelated DNS reflection attack our hosts were participating in, and in addition to the usual isc.org queries I observed nukes.directedat.asia queries. I don't have many details on it at the moment, but I think it speaks for itself and returns a fairly large record, so perhaps someone from AS21928 T-Mobile may be interested. I also found someone with thoughts on directedat.asia and some other suspect domains at http://dnsamplificationattacks.blogspot.nl/2013/06/domain-mydnsscanus.html which may be of interest.
>
> As before, details in the file, distribute as required for mitigation but no attribution please and if not necessary please strip target as well.
>
> Thanks
> Krista
> 7992
> <622894>
> <3952583>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________