[nsp-sec] 118K Resolvers used in 10Gbps attack
Stéphane Dodeller
dodeller at ip-plus.net
Fri Oct 11 03:49:18 EDT 2013
Hi Krista,
ACK for AS3303.
Cheers Stéphane
Le 10 oct. 2013 à 18:38, Krista Hickey <Krista.Hickey at cogeco.com> a écrit :
> ----------- nsp-security Confidential --------
>
> [Apologies if this is a duplicate and note that I've also sent this to our Canadian CERT for notification so you may get some duplicates from them as well]
>
> Hi All
>
> Been a while since i've spammed y'all but we got hit with a ~10Gbps DNS amplification attack yesterday that utilized 118K resolvers. This was aimed at a Tibia game server (http://en.wikipedia.org/wiki/Tibia_(video_game)<http://en.wikipedia.org/wiki/Tibia_%28video_game%29>) a customer of ours was independently running, while likely not directly related to our customer attack the main Tibia server (hosted in Germany?) seems to be aware of these types of attacks and eludes to invoking the security/LE cabals to investigate this but it's not clear of the date of the following post so not sure if there's anything of interest but in case it sparks any memories for anyone see http://forum.tibia.com/forum/?action=announcement&announcementid=25
>
> At any rate, please attempt to trace this attack if you can given a 10Gbps attack is nothing to sneeze at so be nice to track this one down. Otherwise share as required for mitigation and no attribution, timestamps and /24 of target are included but if you need more specific info or have questions please let me know. Also note that I'm working with some folks to try and automate some of these reports so I can stop spamming here but in the interim I thought this sizable attack was worthy to send out.
>
> Regards
> Krista
>
> Ps - Someone sent me the following forum post from earlier this year that supposedly lists the 'Top 10 Booters' so perhaps someone might have some time to dig into the domains and services as some stated 'So Powerful...Up for 2 years...Best Price....Great Support' etc etc so be nice if we can maybe impact a few of these Top 10 reviews :)
>
> hxxp://www.safeskyhacks.com/Forums/showthread.php?39-Top-10-DDoser-s-(Booters-Stressers)&ckattempt=1<http://www.safeskyhacks.com/Forums/showthread.php?39-Top-10-DDoser-s-%28Booters-Stressers%29&ckattempt=1>
>
> <649438>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
More information about the nsp-security
mailing list