[dns-operations] Reported DNS DDoS in China
Bill Larson
wllarso at swcp.com
Tue Sep 26 19:43:54 UTC 2006
From the SANS mailing list:
Begin forwarded message:
> From: The SANS Institute <NewsBites at sans.org>
> Date: September 26, 2006 11:03:40 AM MDT
> Subject: SANS NewsBites Vol. 8 Num. 76
...
> ATTACKS, INTRUSIONS, DATA THEFT & LOSS
> --DNS Attack in China Takes 180,000 Web Sites Offline
> (26 September 2006)
> China's second largest domain name service (DNS) provider, Xinet, was
> hit with an eight-hour denial of service attack that disabled 180,000
> web sites. Many of the web sites are back on line and Xinet hopes to
> have the rest (primarily smaller sites) back on line by October 7. The
> Shanghai Daily site on which the attack is reported was one of the ones
> that had been disabled.
> http://www.shanghaidaily.com/art/2006/09/22/292743/Attack_confirmed__big_Websites_back_online.htm
Any knowledge of what occurred? Something more than what is reported
in the public press. The only statement is "It is obviously not a
simple DDoS attack."
The only domain name specifically identified in this article has just
two DNS servers operated by Xinnet, both on a single 24-bit CIDR
subnet. Xinnet itself lists four servers on one 23-bit CIDR subnet.
Doesn't this seem unusual, shortsighted, for a large provider of DNS
services?
Bill Larson
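
The subnet-concentration check raised in the message above, as an added example that is not part of the original post: it computes the smallest single prefix covering a zone's name server addresses and flags zones whose servers all fit inside it. The zone names, addresses (documentation and benchmark ranges) and the `concentrated_at` threshold are constructed assumptions, not data from the incident.

```python
import ipaddress

# Constructed sample data (documentation/benchmark ranges), not the real zones.
SAMPLE_NS = {
    "customer.example": ["192.0.2.10", "192.0.2.11"],
    "provider.example": ["198.18.0.5", "198.18.0.6", "198.18.1.5", "198.18.1.6"],
    "diverse.example": ["192.0.2.53", "203.0.113.53"],
}


def covering_prefix(addrs):
    """Return the smallest single IPv4 network that contains every address."""
    ips = [ipaddress.IPv4Address(a) for a in addrs]
    if not ips:
        raise ValueError("no name server addresses given")
    lo, hi = min(ips), max(ips)
    # Bits that differ between the lowest and highest address cannot be
    # part of a shared prefix, so the prefix ends above the top differing bit.
    prefixlen = 32 - (int(lo) ^ int(hi)).bit_length()
    return ipaddress.ip_network(f"{lo}/{prefixlen}", strict=False)


def diversity_report(zone_ns, concentrated_at=22):
    """Flag zones whose name servers all sit inside one small prefix.

    concentrated_at is an assumed policy threshold: a covering prefix this
    long or longer is treated as a single network location.
    """
    report = {}
    for zone, addrs in zone_ns.items():
        cover = covering_prefix(addrs)
        # Count distinct /24s as a second, coarser view of the same data.
        slash24s = {ipaddress.ip_network(f"{a}/24", strict=False) for a in addrs}
        report[zone] = {
            "covering": cover,
            "slash24s": len(slash24s),
            "concentrated": cover.prefixlen >= concentrated_at,
        }
    return report


if __name__ == "__main__":
    for zone, r in diversity_report(SAMPLE_NS).items():
        flag = "CONCENTRATED" if r["concentrated"] else "ok"
        print(f"{zone:18} {str(r['covering']):18} /24s={r['slash24s']} {flag}")
```

Address proximity is only a proxy: a short covering prefix does not prove the servers sit behind different routes or sites, so a zone that passes this check still needs its routing and hosting confirmed separately.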