Re: DNS requests from 209.67.50.203 (fwd)
- To: [EMAIL PROTECTED]
- Subject: Re: DNS requests from 209.67.50.203 (fwd)
- From: Joe Shaw <[EMAIL PROTECTED]>
- Date: Wed, 10 Jan 2001 03:45:46 +0100
The following came across the NANOG list today. Anyone else experiencing
this? I have not seen mention of this specific attack previously, but
realize that I may have overlooked it.
Regards,
--
Joseph W. Shaw
Sr. Network Security Specialist for Big Company not to be named.
I have public opinions, and they have public relations.
---------- Forwarded message ----------
Date: Tue, 09 Jan 2001 19:24:39 -0500
From: Steven M. Bellovin <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: DNS requests from 209.67.50.203
In message <[EMAIL PROTECTED]>, John Kristoff writes:
>
>I'm surprised this hasn't come up in NANOG yet...
>
>On a university list many sites are reporting large amounts of traffic
>appearing to come from 209.67.50.203 to their DNS servers. The
>administrator of the source IP (spoofed of course) is the victim of a
>brutal DoS attack. The traffic is UDP/DNS queries that appear to be
>going directly to available DNS servers (as opposed to random hosts).
>Most sites are reporting on the order of 6 or more packets per second to
>their DNS servers. The victim has apparently seen upwards of 90 Mb/s of
>traffic coming back in to them. Does anyone here have any more
>information on this attack?
Yes, it's a DDoS attack, of the type that Vern Paxson has dubbed
"reflector attacks". You send a forged DNS query to a DNS server; it
sends its reply to the victim. Then you have lots of hosts around the
net doing this, but banging on different DNS servers.
--Steve Bellovin
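
Added example, not part of the original thread: a DNS server operator can spot this pattern by tracking per-source query rates and flagging any client that sustains the roughly 6 queries per second reported above. The log format, the 10-second window and the sample records are constructed for illustration; the flagged address is the forged source, i.e. the victim receiving the replies.

```python
from collections import defaultdict, deque

QPS_THRESHOLD = 6     # the thread reports about 6 or more packets per second per server
WINDOW_SECONDS = 10   # assumption: averaging window for the rate


def sample_log():
    """Constructed query log, one record per line: '<epoch> <client_ip> <qname> <qtype>'."""
    records = []
    # Forged-source flood: 8 queries per second for 20 seconds.
    for i in range(160):
        records.append((1000 + i * 0.125, "209.67.50.203", "example.com", "A"))
    # Ordinary client: one query every 2 seconds.
    for i in range(10):
        records.append((1000 + i * 2.0, "192.0.2.10", "example.org", "A"))
    records.sort(key=lambda r: r[0])
    return [f"{ts:.3f} {src} {qname} {qtype}" for ts, src, qname, qtype in records]


def flag_sources(lines, qps=QPS_THRESHOLD, window=WINDOW_SECONDS):
    """Return {client_ip: peak_rate} for clients whose sliding-window rate reaches qps."""
    recent = defaultdict(deque)   # client_ip -> timestamps inside the current window
    peaks = {}
    for line in lines:
        fields = line.split()
        if len(fields) != 4:
            continue              # skip malformed records
        ts, src = float(fields[0]), fields[1]
        seen = recent[src]
        seen.append(ts)
        # Drop timestamps that have aged out of the window (ts - window, ts].
        while seen[0] <= ts - window:
            seen.popleft()
        rate = len(seen) / window
        if rate >= qps:
            peaks[src] = max(peaks.get(src, 0.0), rate)
    return peaks


if __name__ == "__main__":
    for src, rate in flag_sources(sample_log()).items():
        # The flagged address is the spoofed one: replies to it hit the victim.
        print(f"{src}: peak {rate:.1f} queries/s, candidate for response rate limiting")
```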