North American Network Operators Group


Re: DNS Flood

  • From: Vui Le
  • Date: Thu Aug 12 17:13:35 1999

Hi Jamie,

We are seeing it as well (same spoofed addresses). In our case, we
tracked it to NAPNET @ AADS-NAP. Folks from NAPNET are looking
at it but we have not heard back from them.

- Vui

> Are there any other ISPs who are experiencing DNS floods, specifically I am
> looking for traffic destined for (or coming from) the following IPs
> 
> >>> 199.108.32.203
> >>> 216.15.178.201
> >>> 129.180.11.17
> >>> 216.41.23.68
> >>> 208.235.124.20
> >>> 203.251.77.1
> 
> It appears someone is running a script that is using these nameservers, as
> well as the name servers of other educational facilities, to do a lookup on
> multiple servers in the amplitude of 3-4 a second.  This activity has been
> happening for the past 3 weeks, we have null routed this traffic on our
> backbone, but it still shows up in Cache flow.
> 
> This traffic actually saturated our customer's pipe as well as increased the
> load on our backbone router.
> 
> If anyone has seen anything at all like that, (specifically people from
> UU.net or AT&T Worldnet) please let's band together and find the person doing
> this.
> 
> Thanks
> Jamie D.    | [email protected]
> AT&T CERFnet| Network Analyst
> 1-888-237-3638 opt 2 opt 2

========================================================================
Vui Q. Le                                      Phone: (510) 495-2204
Energy Sciences Network (ESnet)                Fax  : (510) 486-6712
Network Engineering Services Group             Email: [email protected]
Lawrence Berkeley National Laboratory          URL  : http://www.es.net/
========================================================================