[dns-operations] Reported DNS DDoS in China
wllarso at swcp.com
Tue Sep 26 19:43:54 UTC 2006
From the SANS mailing list:
Begin forwarded message:
> From: The SANS Institute <NewsBites at sans.org>
> Date: September 26, 2006 11:03:40 AM MDT
> Subject: SANS NewsBites Vol. 8 Num. 76
> ATTACKS, INTRUSIONS, DATA THEFT & LOSS
> --DNS Attack in China Takes 180,000 Web Sites Offline
> (26 September 2006)
> China's second largest domain name service (DNS) provider, Xinet, was
> hit with an eight-hour denial of service attack that disabled 180,000
> web sites. Many of the web sites are back on line and Xinet hopes to
> have the rest (primarily smaller sites) back on line by October 7. The
> Shanghai Daily site on which the attack is reported was one of the
> that had been disabled.
Any knowledge of what occurred? Something more than what is reported
in the public press. The only statement is "It is obviously not a
simple DDoS attack."
The only domain name specifically identified in this article has just
two DNS servers operated by Xinnet, both on a single 24-bit CIDR
subnet. Xinnet itself lists four servers on one 23-bit CIDR subnet.
Doesn't this seem unusual, short sighted, for a large provider of DNS
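
The concern raised in the post above, nameservers concentrated in one small block of address space, can be checked mechanically. The following is an added example, not part of the original message: it computes the smallest prefix covering a zone's nameserver addresses and flags sets that fit inside a narrow block. The function names, the sample addresses (constructed placeholders) and the /16 threshold are assumptions for illustration.

```python
import ipaddress

def covering_prefix(addrs):
    """Smallest single IPv4 network containing every address in addrs."""
    if not addrs:
        raise ValueError("no nameserver addresses given")
    ips = [int(ipaddress.IPv4Address(a)) for a in addrs]
    diff = 0
    for ip in ips:
        diff |= ip ^ ips[0]          # collect every bit position that varies
    shift = diff.bit_length()        # number of low bits that differ
    base = ips[0] >> shift << shift  # clear the varying bits
    return ipaddress.IPv4Network((base, 32 - shift))

def ns_diversity(addrs, min_spread=16):
    """Summarise how spread out a nameserver set is in address space.

    min_spread is an assumed threshold: a set whose covering prefix is
    /16 or longer is treated as concentrated. Address adjacency is only
    a proxy for shared routing and upstream links; a real audit should
    also compare origin AS and physical location.
    """
    cover = covering_prefix(addrs)
    subnets = {ipaddress.ip_network(f"{a}/24", strict=False) for a in addrs}
    return {
        "servers": len(set(addrs)),
        "distinct_24s": len(subnets),
        "covering_prefix": str(cover),
        "concentrated": cover.prefixlen >= min_spread,
    }

# Constructed sample sets mirroring the layouts described in the post.
TWO_IN_ONE_24 = ["192.0.2.10", "192.0.2.20"]
FOUR_IN_ONE_23 = ["10.10.0.5", "10.10.0.6", "10.10.1.5", "10.10.1.6"]
SPREAD_OUT = ["192.0.2.10", "203.0.113.10"]

if __name__ == "__main__":
    for name, ns in [("two in a /24", TWO_IN_ONE_24),
                     ("four in a /23", FOUR_IN_ONE_23),
                     ("spread out", SPREAD_OUT)]:
        print(name, ns_diversity(ns))
```
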