[nsp-sec] DNS and SNMP Reflection Attack Hosts

Yoshitaka Inoue inoue at nttsmc.com
Tue Jun 25 08:55:48 EDT 2013


On Mon, Jun 24, 2013 at 05:25:02AM +0000, Krista Hickey wrote:

Ack 7671, thanks!

Yoshi

> ----------- nsp-security Confidential --------
> 
> [Apologies if this is a duplicate for you]
> 
> File 622894 contains ~45K DNS resolvers observed attacking a host June 19, 2013 (peak approx 1.5Gbps)
> 
> File 3952583 contains ~28K SNMP resolvers observed attacking a different host June 21, 2013 (peak approx 1Gbps)
> 
> I was also working on an unrelated DNS reflection attack our hosts were participating in, and in addition to usual isc.org queries I observed nukes.directedat.asia queries. I don't have many details on it at the moment, but I think it speaks for itself and returns a fairly large record, so perhaps someone from AS21928 T-Mobile may be interested. I also found someone with thoughts on directedat.asia and some other suspect domains at http://dnsamplificationattacks.blogspot.nl/2013/06/domain-mydnsscanus.html which may be of interest.
> 
> As before, details in the file, distribute as required for mitigation but no attribution please and if not necessary please strip target as well.
> 
> Thanks
> Krista
> 7992
> 
> 
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________


-- 
Yoshitaka Inoue, CISSP
tel: +81 6 4803 8908 fax: +81 6 4803 8938
e-mail: inoue at nttsmc.com