North American Network Operators Group

Re: DNS Flood
Resolved 199.108.32.203 to inspire3d.com
Resolved 216.15.178.201 to Lets.lepak.net
Resolved 129.180.11.17 to turing.une.edu.au
Unable to resolve 216.41.23.68
Netname: OEMGREEN
Netblock: 216.41.0.0 - 216.41.127.255
Maintainer: DHHC
Resolved 208.235.124.20 to cardassian.keysdigital.com
Unable to resolve 203.251.77
inetnum: 203.251.0.0 - 203.251.127.255
netname: KORNET
descr: Korea Telecom

"Jamie D." wrote:
> Are there any other ISPs who are experiencing DNS floods, specifically I am
> looking for traffic destined for (or coming from) the following IPs
>
> >>> 199.108.32.203
> >>> 216.15.178.201
> >>> 129.180.11.17
> >>> 216.41.23.68
> >>> 208.235.124.20
> >>> 203.251.77.1
>
> It appears someone is running a script that is using these nameservers, as
> well as the name servers of other educational facilities, to do a lookup on
> multiple servers in the amplitude of 3-4 a second. This activity has been
> happening for the past 3 weeks, we have null routed this traffic on our
> backbone, but it still shows up in Cache flow.
>
> This traffic actually saturated our customer's pipe as well as increased the
> load on our backbone router.
>
> If anyone has seen anything at all like that, (specifically people from
> UU.net or AT&T Worldnet) please let's band together and find the person doing
> this.
>
> Thanks
> Jamie D. | [email protected]
> AT&T CERFnet| Network Analyst
> 1-888-237-3638 opt 2 opt 2